Commit Graph

5091 Commits (33bfb7bfc7722803a54fe46ad6c03bef40d0b95c)

Author SHA1 Message Date
Joey Hess 6cc69038ca Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info 2008-05-13 12:44:06 -04:00
Joey Hess fba4a198b5 mdwn: Add a multimarkdown setup file option. 2008-05-13 12:43:25 -04:00
Joey Hess f1b1e193da web commit by https://noone.org/openid//: Added note about license (GPL) 2008-05-13 07:08:39 -04:00
Joey Hess d06e4c2c33 add news item for ikiwiki 2.46 2008-05-12 20:57:46 -04:00
Joey Hess fb3d5b4800 Fixes for behavior changes in perl 5.10's CGI
Something has changed in CGI.pm in perl 5.10. It used to not care
if STDIN was opened using :utf8, but now it'll mis-encode utf-8 values
when used that way by ikiwiki. Now I have to binmode(STDIN) before
instantiating the CGI object.

In 57bba4dac1, I changed from decoding
CGI::Formbuilder fields to utf-8, to decoding cgi parameters before setting
up the form object. As of perl 5.10, that approach no longer has any effect
(reason unknown). To get correctly encoded values in FormBuilder forms,
they must once again be decoded after the form is set up.

As noted in 57bba4da, this can cause one set of problems for
formbuilder_setup hooks if decode_form_utf8 is called before the hooks, and
a different set if it's called after. To avoid both sets of problems, call
it both before and after. (Only remaining problem is the sheer ugliness and
inefficiency of that..)

I think that these changes will also work with older perl versions, but I
haven't checked.

Also, in the case of the poll plugin, the cgi parameter needs to be
explcitly decoded before it is used to handle utf-8 values. (This may have
always been broken, not sure if it's related to perl 5.10 or not.)
2008-05-12 20:44:22 -04:00
Joey Hess 80a110ad60 update 2008-05-12 17:13:02 -04:00
Joey Hess adb5d92ed7 not just a poll plugin problem 2008-05-12 17:09:40 -04:00
Joey Hess 7ac5b0414d Revert "web commit by http://joey.kitenet.net/: testing utf-8"
This reverts commit 908375a63e.
2008-05-12 17:08:10 -04:00
Joey Hess 908375a63e web commit by http://joey.kitenet.net/: testing utf-8 2008-05-12 17:07:17 -04:00
Joey Hess bafb2d7b81 web commit by http://liw.fi/ 2008-05-12 16:26:38 -04:00
Joey Hess be81c594ce thoughts 2008-05-12 14:38:17 -04:00
Joey Hess 21cd34106d response 2008-05-12 14:10:17 -04:00
Joey Hess 3ca4b4089a web commit by http://liw.fi/: Updated URL for openiddirectory page. It had moved. 2008-05-11 08:15:34 -04:00
Joey Hess 7a4a17f120 web commit by http://liw.fi/: Updated URL for emacs markdown mode. The page had moved to a new location. 2008-05-11 08:14:13 -04:00
Joey Hess 345c707921 web commit by http://madduck.net/ 2008-05-10 14:15:23 -04:00
Joey Hess 8dc18fc9d4 web commit by http://madduck.net/ 2008-05-10 13:18:26 -04:00
Joey Hess ae980bc471 web commit by http://madduck.net/: add shortcut for wiki.debian.org 2008-05-10 09:28:14 -04:00
Joey Hess e34011afcc web commit by buo: Response 2008-05-09 16:46:40 -04:00
Joey Hess 4eba3f631b design for a xapian search plugin 2008-05-08 19:42:33 -04:00
Joey Hess a50fb83394 add --delete-bucket option 2008-05-08 16:11:39 -04:00
Joey Hess 0168cc3c8b response 2008-05-08 15:53:48 -04:00
Joey Hess 879f3a9403 Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info 2008-05-08 15:51:41 -04:00
Joey Hess b8d81b7b7f amazon s3 index file improvements
Turns out duplicate index files do not need to be stored when usedirs is in
use, just when it's not. Ikiwiki is quite consistent about using page/ when
usedirs is in use. (The only exception is the search plugin, which needs
fixing.)

This also includes significant code cleanup, removal of a incorrect special
case for empty files, and addition of a workaround for a bug in the amazon
perl module.
2008-05-08 15:51:09 -04:00
Joey Hess 2bf34f1733 web commit by buo: re: question 2008-05-08 14:45:57 -04:00
Joey Hess ca33ec2b9c question 2008-05-08 14:12:44 -04:00
Joey Hess 57cf8ef4f2 web commit by buo: More information on ikiwiki mangling accented characters 2008-05-08 11:56:37 -04:00
Joey Hess 6bba9b0e4d web commit by http://madduck.net/: closing 2008-05-08 10:59:38 -04:00
Joey Hess a3e1783596 web commit by buo: Removing previous installation fixes compile failure. 2008-05-08 10:29:48 -04:00
Joey Hess de344200c6 web commit by jrn: gratuitous change to test (remove "And") 2008-05-08 00:26:58 -04:00
Joey Hess dafa7ef3e2 most modules are pre-installed now 2008-05-08 00:20:49 -04:00
Joey Hess be89d6749e update 2008-05-07 23:51:01 -04:00
Joey Hess 9e6a4ccfdd amazon s3 support implemented and kinda working
pruning not yet implemented, however
2008-05-07 23:15:43 -04:00
Joey Hess 939885d556 whitespace 2008-05-07 22:02:28 -04:00
Joey Hess d1154b2925 documentation for amazon_s3 plugin
Now to write it. :-)
2008-05-07 21:20:58 -04:00
Joey Hess 3eb3ff6208 cannot reproduce 2008-05-07 17:10:43 -04:00
Joey Hess a7ece50826 Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info 2008-05-07 17:06:12 -04:00
Joey Hess cdf8ced4c2 clarification 2008-05-07 16:35:06 -04:00
Joey Hess 2b5d12f658 web commit by buo: bug: 2.45 fails to compile 2008-05-07 14:47:30 -04:00
Joey Hess b731fce466 web commit from 145.97.197.85: poll vote (Accept both) 2008-05-07 04:11:57 -04:00
Joey Hess 2c000c6e32 fix links 2008-05-06 19:24:00 -04:00
Joey Hess dc26eb7d12 new tip documenting how to use the pinger and pingee plugins 2008-05-06 19:22:09 -04:00
Joey Hess b144831e46 pinger/pingee now tested and working 2008-05-06 19:06:53 -04:00
Joey Hess 880d098dab template change documentation 2008-05-06 14:33:03 -04:00
Joey Hess 069c938aad update 2008-05-05 20:22:10 -04:00
Joey Hess 1f88cad3a2 aggregate: Add support for web-based triggering of aggregation for people stuck on shared hosting without cron. (Sheesh.) Enabled via the `aggregate_webtrigger` configuration optiom. 2008-05-05 20:20:45 -04:00
Joey Hess 86c6f2b963 fix PERL5LIB in examples
Using `pwd` makes some modules that call cpan recursively succeed to
install
2008-05-05 20:12:06 -04:00
Joey Hess 0599a6591f update 2008-05-05 19:14:33 -04:00
Joey Hess adeba977cb update 2008-05-05 19:10:42 -04:00
Joey Hess ed98af9750 add sections, expand, reorg 2008-05-05 19:08:47 -04:00
Joey Hess 8599297edf update 2008-05-05 18:59:20 -04:00
Joey Hess 7588f7b239 correction 2008-05-05 18:59:02 -04:00
Joey Hess df13ac07c8 more on cleanup 2008-05-05 15:39:36 -04:00
Joey Hess f324b911e2 linkify 2008-05-05 15:19:55 -04:00
Joey Hess 96b3880725 add news item for ikiwiki 2.45 2008-05-05 15:18:12 -04:00
Joey Hess 545054c356 releasing version 2.45 2008-05-05 15:17:44 -04:00
Joey Hess a72c33c76c updates 2008-05-05 15:03:38 -04:00
Joey Hess b1b9c2c0d1 formatting 2008-05-05 14:58:21 -04:00
Joey Hess b428fb1b14 formatting 2008-05-05 14:53:31 -04:00
Joey Hess 3a9dfb8361 enhancesments for shared hosting
* Add a Bundle::Ikiwiki to the source for use with CPAN to install *all*
  the modules ikiwiki can use.
* Add a cpan directory containing a CPAN::MyConfig that can ease use of
  CPAN to install in a home directory on shared hosting providers.
* With these changes, it's pretty easy to install onto nearlyfreespeech.net
  and probably other shared hosting providers like dreamhost. Added
  a tip page documentng the process for nearlyfreespeech.
2008-05-05 14:51:26 -04:00
Joey Hess ad44c47977 rename to more specific name 2008-05-05 14:14:08 -04:00
Joey Hess c1196acadc linkify 2008-05-03 13:32:28 -04:00
Joey Hess 27ca70225e web commit by RichMorin 2008-05-03 10:17:35 -04:00
Joey Hess 1ad826eb94 web commit by RichMorin 2008-05-03 10:08:36 -04:00
Joey Hess b2dea99417 Fix ugly display when editing a page that has vanished.
srcfile now has an optional second parameter to avoid it throwing an error
if the source file does not exist.
2008-05-02 13:02:07 -04:00
Joey Hess 6f852e88e3 anonk: Add anonok_pagespec configuration setting that can be used to allow anonymous users to edit only matching pages. Closes: #478892 2008-05-01 14:58:23 -04:00
Joey Hess f39659277d web commit by http://vibrog.myopenid.com/ 2008-04-30 16:25:30 -04:00
Joey Hess a512904a9d web commit by http://alcopop.org/me/openid/: poll vote (Accept only OpenID for logins) 2008-04-30 16:00:48 -04:00
Joey Hess a2e0ef4572 web commit by http://alcopop.org/me/openid/: context 2008-04-30 15:54:27 -04:00
Joey Hess 6de5cbaaee web commit by http://alcopop.org/me/openid/: test comment 2008-04-30 15:52:33 -04:00
Joey Hess 7647109bac Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info 2008-04-30 12:58:55 -04:00
Joey Hess bb51e81762 img: Support a title attribute, will be passed through to html. Closes: #478718 2008-04-30 12:58:36 -04:00
Joey Hess 3419cdfcbb web commit by buo: Web editing and mangled characters 2008-04-30 11:09:37 -04:00
Joey Hess 112737535c resp 2008-04-29 18:20:21 -04:00
Joey Hess 516908cc8e web commit by http://vibrog.myopenid.com/ 2008-04-29 01:37:57 -04:00
Joey Hess cafffef679 web commit by http://tychoish.livejournal.com/: sandbox test of wikilink 2008-04-28 22:31:48 -04:00
Joey Hess cf2652c139 web commit by JeremyReed: why if? 2008-04-28 17:54:32 -04:00
Joey Hess c25f0f7abd response 2008-04-28 17:01:59 -04:00
Joey Hess edaccbbb55 web commit by http://vibrog.myopenid.com/ 2008-04-28 16:39:22 -04:00
Joey Hess 66984deaeb thoughts 2008-04-28 15:57:17 -04:00
Joey Hess f37abf206e use a proper wiki link, not a html link 2008-04-28 15:52:42 -04:00
Joey Hess 72cedc59e9 fix formatting 2008-04-28 15:47:11 -04:00
Joey Hess 6412cbfe52 idea 2008-04-28 15:43:06 -04:00
Joey Hess dbb5d11196 Deal with different paths to perl when removing -T flag. 2008-04-28 15:37:17 -04:00
Joey Hess 4723d5f9f1 response 2008-04-28 15:34:11 -04:00
Joey Hess bde6809e5b web commit by http://vibrog.myopenid.com/ 2008-04-28 15:03:22 -04:00
Joey Hess 1a4ba6cbcf web commit by JeremyReed: about news site 2008-04-28 14:57:25 -04:00
Joey Hess f3eda82c08 web commit by JeremyReed: reply about perl version in filename too. 2008-04-28 14:15:38 -04:00
Joey Hess 0d80b13738 web commit by JeremyReed: reply 2008-04-28 14:11:52 -04:00
Joey Hess bbfc613360 web commit by http://vibrog.myopenid.com/ 2008-04-28 14:08:04 -04:00
Joey Hess 6b316dd8e0 response 2008-04-28 13:48:33 -04:00
Joey Hess 453bdeaf55 response 2008-04-28 13:46:50 -04:00
Joey Hess 9f02ee8634 Add PREFIX/bin to the hardcoded PATH within ikiwiki. 2008-04-28 13:44:37 -04:00
Joey Hess aa4f9fe232 response 2008-04-28 13:38:53 -04:00
Joey Hess 74d98c69b1 web commit by JeremyReed: found problem 2008-04-28 12:47:29 -04:00
Joey Hess bc9a448c58 web commit by JeremyReed: more info. sid is defined in prefs just not edit 2008-04-28 12:32:54 -04:00
Joey Hess 3b16d472c0 web commit by JeremyReed: sid not in form. 2008-04-28 12:09:47 -04:00
Joey Hess b6435e9b7d web commit by JeremyReed: fix link to SharedHosting by prefixing with slash. 2008-04-28 11:48:34 -04:00
Joey Hess e56dd17bcf web commit by JeremyReed: Can't exec "ikiwiki-transition" 2008-04-28 11:44:01 -04:00
Joey Hess 4e0f75a75f web commit by JeremyReed: hard-coded perl path 2008-04-28 11:07:05 -04:00
Joey Hess fdffe02d39 web commit by http://vibrog.myopenid.com/ 2008-04-28 05:52:58 -04:00
Joey Hess 02da269465 web commit by http://edward.myopenid.com/: fix code block rendering 2008-04-28 02:42:50 -04:00
Joey Hess 29bf14fcc3 followup 2008-04-27 14:34:23 -04:00
Joey Hess 1d4bc83aec the sandbox is not a TODO list. Remove TODO item 2008-04-27 14:32:55 -04:00
Joey Hess cc26b153b4 move question to discussion page, where it belongs 2008-04-27 14:32:30 -04:00
Joey Hess a64bc76fbe response 2008-04-27 14:31:35 -04:00
Joey Hess 502197e9bb web commit by http://vibrog.myopenid.com/ 2008-04-27 04:29:12 -04:00
Joey Hess 008de43f67 web commit by http://vibrog.myopenid.com/ 2008-04-27 04:28:28 -04:00
Joey Hess 319bf45a37 web commit by http://vibrog.myopenid.com/ 2008-04-27 04:22:55 -04:00
Joey Hess 51042ff04a web commit by http://vibrog.myopenid.com/ 2008-04-27 04:19:58 -04:00
Joey Hess 35f943e6f8 web commit by http://harningt.eharning.us/: applied alterations according to comments/git reqs 2008-04-27 00:23:27 -04:00
Joey Hess 17c276dea5 web commit by JeremyReed: about taint and -T build failure 2008-04-26 20:54:08 -04:00
Joey Hess 9652cdfe2e toc: Add the table of contents at sanitize time, rather than at format time. This allows the toc to be displayed when previewing an edit. It also avoids headers in the page template from showing up in the toc. 2008-04-26 15:13:01 -04:00
Joey Hess 2d78c4d9a7 response; fixed 2008-04-26 15:07:21 -04:00
Joey Hess deba9c7af4 response 2008-04-26 15:05:26 -04:00
Joey Hess 562e24d695 response 2008-04-26 14:55:56 -04:00
Joey Hess 59c81f07fa add news item for ikiwiki 2.44 2008-04-24 13:52:41 -04:00
Joey Hess 7758dbb279 web commit by http://madduck.net/ 2008-04-24 03:57:49 -04:00
Joey Hess 49043e48fa web commit by http://madduck.net/ 2008-04-24 03:12:51 -04:00
Joey Hess 3635867493 web commit by http://harningt.eharning.us/: updated openid reference 2008-04-24 00:01:27 -04:00
Joey Hess 475429a917 web commit by http://harningt.eharning.us/: more git attribution corner-case ideas 2008-04-24 00:00:53 -04:00
Joey Hess 2987b08ec9 web commit by http://mlcastle.net/: poll vote (Accept only OpenID for logins) 2008-04-22 20:32:45 -04:00
Joey Hess 04a7003c5d web commit by http://mlcastle.net/: add hindi text. 2008-04-22 20:13:11 -04:00
Joey Hess 827f6b9bfc remove question that was added to a non-discussion page 2008-04-22 15:19:15 -04:00
Joey Hess 710b118b49 web commit by Dirk 2008-04-22 14:40:37 -04:00
Joey Hess 6dcb111310 web commit by Dirk 2008-04-22 14:38:23 -04:00
Joey Hess 42f4904f72 web commit by http://hendry.iki.fi/: anti-expert-exchange 2008-04-22 04:58:20 -04:00
Joey Hess 3bc9d474a3 web commit by bartuer: add a question about restructuredtext 2008-04-21 15:25:51 -04:00
Joey Hess 0405299f07 web commit by http://andreyvit.livejournal.com/ 2008-04-21 00:16:48 -04:00
Joey Hess 3912a9f5e9 add CVE link 2008-04-20 15:25:51 -04:00
Joey Hess e62f3f8f95 web commit by http://codehelp.myopenid.com/: Add QOF and estron 2008-04-20 13:34:15 -04:00
Joey Hess a516b2a63f web commit by http://hendry.iki.fi/: google search 2008-04-19 17:15:30 -04:00
Joey Hess e1842ce95c remove random html
This page documents markdown. Please use the sandbox for formatting
testing, and not this page.
2008-04-18 18:43:33 -04:00
Joey Hess 84b915d6d1 web commit by alccode 2008-04-18 17:06:22 -04:00
Joey Hess 81355cd4c6 Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info 2008-04-17 14:38:16 -04:00
Joey Hess f1228946bd Bring back the svnrepo setup file option. This is needed for recentchangediff to work with svn repos. 2008-04-17 14:37:55 -04:00
Joey Hess 143c8770d1 web commit by http://sabr.myopenid.com/ 2008-04-17 08:40:07 -04:00
Joey Hess d420e032cc web commit by http://sabr.myopenid.com/: thanks belong at the end of the conversation, not the beginning! 2008-04-17 06:22:19 -04:00
Joey Hess 14b8d6369b web commit by http://sabr.myopenid.com/ 2008-04-17 06:12:21 -04:00
Joey Hess 4216b9590f web commit by http://sabr.myopenid.com/ 2008-04-17 03:12:49 -04:00
Joey Hess 543926c540 web commit by http://sabr.myopenid.com/ 2008-04-17 03:10:30 -04:00
Joey Hess cedb7c33f9 web commit by http://sabr.myopenid.com/ 2008-04-17 03:09:44 -04:00
Joey Hess 48976989e0 web commit by http://sabr.myopenid.com/ 2008-04-17 03:08:58 -04:00
Joey Hess cbe4f9ead5 web commit by http://sabr.myopenid.com/ 2008-04-17 03:08:36 -04:00
Joey Hess 9f44f60a89 web commit by http://sabr.myopenid.com/ 2008-04-17 03:08:11 -04:00
Joey Hess 2512ceebb0 web commit by http://sabr.myopenid.com/ 2008-04-17 02:29:18 -04:00
Joey Hess 21b8c3f94d web commit by JoshTriplett: Testing adding a page with page type not set. 2008-04-16 20:21:29 -04:00
Joey Hess 74d8a656da web commit by http://bruno.boulgour.com/: Typo 2008-04-16 19:14:58 -04:00
Joey Hess e8c9362c7f web commit by http://bruno.boulgour.com/: Problems with adminuser role 2008-04-16 19:14:07 -04:00
Joey Hess e91b128338 add news item for ikiwiki 2.43 2008-04-16 18:45:34 -04:00
Joey Hess 570f7e6594 web commit by http://hands.com/~phil/ 2008-04-15 06:39:46 -04:00
Joey Hess 982f969367 web commit by http://hands.com/id/phil/ 2008-04-13 16:54:58 -04:00
Joey Hess 10150e675d web commit by http://sabr.myopenid.com/ 2008-04-13 12:55:51 -04:00
Joey Hess 1efaa8e6ec web commit by http://sabr.myopenid.com/ 2008-04-13 12:55:02 -04:00
Joey Hess c8097457a7 web commit by http://sabr.myopenid.com/ 2008-04-13 12:52:22 -04:00
Joey Hess 9a2dfd21ab web commit by http://sabr.myopenid.com/ 2008-04-13 12:48:28 -04:00
Joey Hess 3f0de75332 web commit by http://sabr.myopenid.com/: add a toc to test it appearing in preview... it doesn't. 2008-04-13 12:21:33 -04:00
Joey Hess 40c03af378 web commit by http://sabr.myopenid.com/ 2008-04-13 12:08:44 -04:00
Joey Hess f4797af297 web commit by http://sabr.myopenid.com/ 2008-04-12 22:53:53 -04:00
Joey Hess 50e06351ca web commit by http://sabr.myopenid.com/ 2008-04-12 22:46:00 -04:00
Joey Hess 78e740f643 web commit by http://sabr.myopenid.com/ 2008-04-12 22:23:55 -04:00
Joey Hess c70160e995 web commit by http://sabr.myopenid.com/ 2008-04-12 22:15:21 -04:00
Joey Hess d97ca8c610 web commit by http://sabr.myopenid.com/ 2008-04-12 20:36:15 -04:00
Joey Hess 378c2696d9 web commit by http://sabr.myopenid.com/ 2008-04-12 20:13:42 -04:00
Joey Hess 7518b245f2 web commit by http://sabr.myopenid.com/ 2008-04-12 20:05:34 -04:00
Joey Hess 060ceaba1f web commit by http://sabr.myopenid.com/ 2008-04-12 20:04:59 -04:00
Joey Hess 4988a901c8 web commit by http://sabr.myopenid.com/ 2008-04-12 20:04:29 -04:00
Joey Hess 7178de28da web commit by tschwinge: Modify. 2008-04-12 18:01:54 -04:00
Joey Hess 461f907403 web commit by http://sabr.myopenid.com/ 2008-04-12 17:57:09 -04:00
Joey Hess 3b7b057e01 patch, thoughts 2008-04-12 17:19:32 -04:00
Joey Hess 57035d610e web commit by http://sabr.myopenid.com/ 2008-04-12 13:21:11 -04:00
Joey Hess 1f4dec34e2 web commit by cjb: Added wiktionary shortcut 2008-04-10 21:55:25 -04:00
Joey Hess 26c96e1f10 web commit by http://sabr.myopenid.com/ 2008-04-10 20:18:20 -04:00
Joey Hess 2718fc2b25 response 2008-04-10 19:54:38 -04:00
Joey Hess 92e39d7391 cannot reproduce 2008-04-10 19:32:43 -04:00
Joey Hess abde579038 response 2008-04-10 19:25:23 -04:00
Joey Hess 51f75484d7 let's move the access keys discussion out to the todo item about it 2008-04-10 19:18:34 -04:00
Joey Hess d9275303cc correct the command line used to generate the favicon 2008-04-10 18:51:21 -04:00
Joey Hess 58e346d229 correct utf-8 damage introduced by jblevins's modification of this page 2008-04-10 18:00:17 -04:00
Joey Hess 235b6d18b6 change wording 2008-04-10 17:59:11 -04:00
Joey Hess 04d601f419 response 2008-04-10 17:53:24 -04:00
Joey Hess 2beb279806 Give the full path to the hyperestraier helpfile in estseek.conf. 2008-04-10 17:50:43 -04:00
Joey Hess b698bf2408 Use bzr --quiet to avoid it outputting stuff and messing up http headers. (Scott Bronson) 2008-04-10 17:44:40 -04:00
Joey Hess e4395a567b Fix broken rcs_update for bzr. (Scott Bronson) 2008-04-10 17:41:43 -04:00
Joey Hess e1d456a86f Fix missing import of escapeHTML in userlink. (Scott Bronson) 2008-04-10 17:39:51 -04:00
Joey Hess 15237c74fc response 2008-04-10 17:31:39 -04:00
Joey Hess a91f044044 add news item for ikiwiki 2.42 2008-04-10 17:24:24 -04:00
Joey Hess 7f51c69491 releasing version 2.42 2008-04-10 17:24:08 -04:00
Joey Hess d5c964508f Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info 2008-04-10 17:12:55 -04:00
Joey Hess ab0e0e807a perl dumping core is not an ikiwiki bug, sorry 2008-04-10 17:09:58 -04:00
Joey Hess 555f1d0512 web commit by http://joey.kitenet.net/: test 2008-04-10 16:46:23 -04:00
Joey Hess 243739e1c3 Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info 2008-04-10 16:35:50 -04:00
Joey Hess 72b5ef2c5f Fix CSRF attacks against the preferences and edit forms. Closes: #475445
The fix involved embedding the session id in the forms, and not allowing the
forms to be submitted if the embedded id does not match the session id.

In the case of the preferences form, if the session id is not embedded,
then the CGI parameters are cleared. This avoids a secondary attack where the
link to the preferences form prefills password or other fields, and
the user hits "submit" without noticing these prefilled values.

In the case of the editpage form, the anonok plugin can allow anyone to edit,
and so I chose not to guard against CSRF attacks against users who are not
logged in. Otherwise, it also embeds the session id and checks it.

For page editing, I assume that the user will notice if content or commit
message is changed because of CGI parameters, and won't blndly hit save page.
So I didn't block those CGI paramters. (It's even possible to use those CGI
parameters, for good, not for evil, I guess..)

The only other CSRF attack I can think of in ikiwiki involves the poll plugin.
It's certianly possible to set up a link that causes the user to unknowingly
vote in a poll. However, the poll plugin is not intended to be used for things
that people would want to attack, since anyone can after all edit the poll page
and fill in any values they like. So this "attack" is ignorable.
2008-04-10 16:35:30 -04:00
Joey Hess 609e74bbd8 fix what I think is a typo 2008-04-10 16:08:59 -04:00
Joey Hess c69c811d64 web commit by http://joey.kitenet.net/: oops :-) 2008-04-10 14:45:00 -04:00
Joey Hess ff363cf9a0 web commit by http://joey.kitenet.net/ 2008-04-10 14:43:58 -04:00
Joey Hess 5647448501 web commit by ScottSwalwell: Fixed my fix. 2008-04-10 13:01:27 -04:00
Joey Hess 7921d9456c web commit by ScottSwalwell: Fixed this link. 2008-04-10 13:00:36 -04:00
Joey Hess 04528ba259 web commit by cjb: Fixed URL 2008-04-10 01:06:21 -04:00
Joey Hess e8728aa894 web commit by cjb: Tagged 2008-04-10 00:09:07 -04:00
Joey Hess 675236d251 web commit by cjb: Suggested patch for 302 redirect after page creation when using bzr 2008-04-10 00:07:59 -04:00