Commit Graph

252 Commits (3da4ed65862a2db14d39c103f93518018d2ffa88)

Author SHA1 Message Date
Joey Hess 68e2320696
inline: Prevent creating a file named ".mdwn" when the postform is submitted with an empty title. 2016-09-21 13:51:42 -04:00
Simon McVittie 125461cab7 inline: expand show=N backwards compatibility to negative N
[[plugins/contrib]] uses show=-1 to show the post-creation widget
without actually inlining anything.
2016-05-06 22:51:02 +01:00
Simon McVittie 7aca0d40a3 Compose relative URLs in RSS feeds correctly
If the relative link from the (page generating the) RSS to the target
would start with "./" or "../", just concatenating it with the URL to
the directory containing the RSS is not sufficient. Go via
URI::new_abs to fix this.
2016-01-21 08:40:14 +00:00
Simon McVittie 855b757f37 Force comments URL in RSS feeds to be absolute
Now I'm going to get bug reports about wanting the URLs to be
protocol-relative, but we can't win there as long as we generate RSS,
because RSS doesn't have well-defined semantics for relative URLs
(and the W3C's validator complains about them). If absolute URLs are
a problem for you, please use Atom feeds.
2016-01-21 07:50:13 +00:00
Simon McVittie b199349ffd Merge remote-tracking branch 'smcv/ready/limit' 2015-11-30 20:55:34 +00:00
Simon McVittie f2365c3e66 inline: change default sort order from age to "age title" for determinism 2015-06-13 19:58:37 +01:00
Simon McVittie f4ec7b06d9 Make sure we do not pass multiple CGI parameters in function calls
When CGI->param is called in list context, such as in function
parameters, it expands to all the potentially multiple values
of the parameter: for instance, if we parse query string a=b&a=c&d=e
and call func($cgi->param('a')), that's equivalent to func('b', 'c').
Most of the functions we're calling do not expect that.

I do not believe this is an exploitable security vulnerability in
ikiwiki, but it was exploitable in Bugzilla.
2014-10-16 22:24:47 +01:00
Simon McVittie ab768a62c6 Rename show parameter of [[!inline]] and [[!pagestats]] to limit
The old name still works, if its value is numeric.

This name allows a non-numeric "show" to mean the same thing
it does for [[!map]] (show title, show description, etc.).
2014-09-14 15:15:27 +01:00
Simon McVittie 0357ad66ea inline: postform=no should take precedence over rootpage existing
If someone has explicitly disabled the postform, it seems reasonable
from a least-astonishment point of view for that to take precedence
over rootpage, even though that makes rootpage useless.

Also add a regression test; so far, this is all it tests.
2014-07-04 23:23:42 +01:00
Simon McVittie bb359796b8 protect $@ whenever a block using $@ is non-trivial
As noted in the Try::Tiny man page, eval/$@ can be quite awkward in
corner cases, because $@ has the same properties and problems as C's
errno. While writing a regression test for definetemplate
in which it couldn't find an appropriate template, I received

    <span class="error">Error: failed to process template
    <span class="createlink">deftmpl</span> </span>

instead of the intended

    <span class="error">Error: failed to process template
    <span class="createlink">deftmpl</span> template deftmpl not
    found</span>

which turned out to be because the "catch"-analogous block called
gettext before it used $@, and gettext can call define_gettext,
which uses eval.

This commit alters all current "catch"-like blocks that use $@, except
those that just do trivial things with $@ (string interpolation, string
concatenation) and call a function (die, error, print, etc.)
2014-02-21 17:06:36 +00:00
Joey Hess fe1a69e11a inline: Allow overriding the title of the feed. Closes: #735123 Thanks, Christophe Rhodes 2014-01-13 17:06:29 -04:00
Amitai Schlair b25f7700bd Instead of hacking back to $link, just provide it. 2013-06-27 00:21:20 -04:00
Amitai Schlair 4b6ea05ac8 Catch up rsspage to atompage. Validates. 2013-02-22 12:54:16 -05:00
Amitai Schlair d77ee60b15 Render fancy podcast enclosures.
Simple podcast feeds didn't have content tags and I made sure to
keep it that way. This may be unnecessarily conservative. Changing
the behavior to include empty content tags might be fine, but I
don't want to think about it right now, I just want my tests to
keep passing!

The new fancy-podcast tests are copy-pasted-edited from the
simple-podcast tests. These tests shall be refactored.
2013-02-20 21:16:19 -05:00
Amitai Schlair a629b276b2 Extract genenclosure(). No functional change intended. 2013-02-20 20:53:50 -05:00
Simon McVittie 258ee1bc3b trail, inline: treat pagenames as a list of literal names, not links 2012-04-06 17:05:26 +01:00
Simon McVittie 276ab9a78a Reinstate trail support in inline
This was removed in aaa72a3a80.
2012-04-05 09:43:44 +01:00
Joey Hess d68d255268 Added a "changes" hook. Renamed the "change" hook to "rendered", but
the old hook name is called for now for back-compat.
2012-03-28 18:43:07 -04:00
Joey Hess aaa72a3a80 inline: When the pagenames list includes pages that do not exist, skip them.
bestlink returns '' if no existing page matches a link. This propigated
through inline and other plugins, causing uninitialized value warnings, and
in some cases (when filecheck was enabled) making the whole directive fail.

Skipping the empty results fixes that, but this is papering over another
problem: If the missing page is later added, there is not dependency
information to know that the inline needs to be updated. Perhaps smcv will
fix that later.
2012-03-21 15:48:25 -04:00
Joey Hess a812692a50 changelog 2012-03-18 14:22:28 -04:00
Simon McVittie 63bb8b42f7 Replace [[!trailinline]] directive with [[!inline trail=yes]] 2012-03-18 17:11:05 +00:00
Paul Wise 5b9005a8dd Drop the version attribute on the generator tag in Atom feeds.
Removing the version means that rebuilds are reproducible over time.

Both the generator tag and its version attribute are optional:

http://tools.ietf.org/html/rfc4287#section-4.2.4
2012-03-03 11:01:55 -04:00
Joey Hess 7d2b68cd16 inline: When indexing internal pages for searching, use the url of the inlining page. 2011-09-01 11:38:10 -04:00
Joey Hess a18a62aa30 inline: Handle obfuscated urls, such as the mailto urls generated by markdown when forcing urls absolute.
That took me 5 minutes. If anyone thinks obfuscated email urls stops, or
even slows down spammers, think again.
2011-06-29 18:12:58 -04:00
Giuseppe Bilotta 27a80dc40a inline: allow assigning an id to postform/feedlink
This allows per-form/feedlink group customization without having to
resort to counting.
(cherry picked from commit b134feb0dc2d9a8ff7ae447537fa8bc02811aabd)
2011-02-22 17:33:07 -04:00
Giuseppe Bilotta 72c8f01b36 inline: base feed urls on included page name
Second (forgotten) half of bb8f76a4a0.
This ensures that the link URL and page title in the feed are the
correct ones.
2011-02-22 17:23:08 -04:00
Joey Hess 80452eba92 inline: Fix regression in feed titles. Closes: #610878 (Thanks, Paul Wise) 2011-01-24 17:01:01 -04:00
Joey Hess 56259466ee reword feed descs 2011-01-06 14:42:23 -04:00
Giuseppe Bilotta 962b1c130c inline: pass the Atom/RSS titles to the templates
The default templates are also updated to make use of this information.
The rel="alternate" attribute is also inserted, for completeness.
(cherry picked from commit 618ade535e6a7967a510d9e210edaef3d37cc9bc)
2011-01-06 14:40:33 -04:00
Joey Hess 9741a3f979 inline: Force an absolute page location when the inline postform is used.
There seems no need to allow selecting a location when creating a page this
way; the user should always want it to appear in the inline whose form they
submitted.
2010-12-25 13:32:57 -04:00
Joey Hess fd95afe8ea fix comment 2010-12-25 13:12:21 -04:00
Giuseppe Bilotta bb8f76a4a0 inline: base feed names on the included page name
Use the included page name rather than the including page name. This
allows us to allow feeds in nested inlines without duplicating feeds
with the same content under different (and stupid) names.
2010-12-05 16:34:11 -04:00
Simon McVittie 296e5cb2fd Use local paths for the CGI URL 2010-11-23 00:12:17 +00:00
Joey Hess b00c6c9640 inline: Improve RSS url munging to use a proper html parser
and support all elements that HTML::Tagset knows about.

(Which doesn't include html5 just yet, but then the old version didn't either.)

Bonus: 4 times faster than old regexp method.
2010-11-16 16:57:50 -04:00
Joey Hess c502b8fe54 indentation 2010-11-16 15:40:16 -04:00
Joey Hess e22b18aabc template_depends: throw nice error message when template cannot be found
plovs reported a crash when templates were not installed properly,
with a non-useful error about the template object not being defined.
I've audited all uses of template_depends(), and template(), and it makes
sense for them to throw an error if the template cannot be found. All code
with a user-supplied template catches errors already, to handle template
parse failures.

It did not make sense for template_file to throw errors, as some code uses
it to probe if a template file is available.
2010-09-27 15:58:01 -04:00
Joey Hess 24ff4a9e5f revert accidentially committed change 2010-09-13 12:49:31 -04:00
Joey Hess c4ebdd6f46 Pass array of names of files that have been deleted to needsbuild hook as second parameter, to allow for plugins that needs access to this information earlier than the delete hook. 2010-09-10 17:17:08 -04:00
Joey Hess ea4967f184 inline: Call indexhtml when inlining internal pages, so their text can be indexed for searching. 2010-05-06 23:20:48 -04:00
Joey Hess 154732dc42 adapt comment.tmpl to html5
Note that I put comment-header in a <header> despite it being
below the comment. Using a <footer> would be confusing given
the class name. Also, the content is semantically closer to
a header than a footer.
2010-05-02 16:12:08 -04:00
Joey Hess 970373548f Add parameter to displaytime to specify that it is a pubdate, and in html5 mode, use time tag. 2010-05-02 13:44:13 -04:00
Joey Hess ee8d237f98 improved error message 2010-04-23 14:50:00 -04:00
Joey Hess d4d7d5ddaf use same error string as template.pm does 2010-04-23 14:45:02 -04:00
Joey Hess 011d88052d fix logic 2010-04-23 14:00:53 -04:00
Joey Hess abd2339312 look for templates in srcdir and underlays, first
This entailed changing template_params; it no longer takes the template
filename as its first parameter.

Add template_depends to api and replace calls to template() with
template_depends() in appropriate places, where a dependency should be
added on the template.

Other plugins don't use template(), so will need further work.

Also, includes are disabled for security. Enabling includes only when using
templates from the templatedir would be nice, but would add a lot of
complexity to the implementation.
2010-04-22 15:55:58 -04:00
Joey Hess 1fbc1b518a disable feeds in raw mode 2010-04-15 15:41:56 -04:00
Simon McVittie 5408279b5f HTML-encode meta title, description, guid on output, but not in the pagestate
This makes them consistent with the rest of the meta keys. A wiki rebuild
will be needed on upgrade to this version; until the wiki is rebuilt,
double-escaping will occur in the titles of pages that have not changed.
2010-04-06 01:31:38 +01:00
Joey Hess a63929f6cc Group related plugins into sections in the setup file, and drop unused rcs plugins from the setup file. 2010-02-11 22:24:15 -05:00
Joey Hess aed16b4833 inline: Avoid showing edit links if page editing is disabled. (Sjoerd) 2010-01-04 12:54:18 -05:00
Joey Hess 7dd074e2e7 Fix several places that did not properly handle capitalization of the discussionpage setting.
Specifically, fixes discussion actions on discussion pages, and unbreaks the opendiscussion plugin.
2010-01-02 15:52:38 -05:00