Simon McVittie
545a7bbbf0
img: restrict to JPEG, PNG and GIF images by default
...
This mitigates CVE-2016-3714. Wiki administrators who know that they
have prevented arbitrary code execution via other formats can re-enable
the other formats if desired.
2016-05-05 23:43:50 +01:00
Simon McVittie
54a9f8d07d
img: force common Web formats to be interpreted according to extension
...
A site administrator might unwisely set allowed_attachments to
something like '*.jpg or *.png'; if they do, an attacker could attach,
for example, a SVG file named attachment.jpg.
This mitigates CVE-2016-3714.
2016-05-05 23:43:50 +01:00
Simon McVittie
32ef584dc5
HTML-escape error messages (OVE-20160505-0012)
...
The instance in cgierror() is a potential cross-site scripting attack,
because an attacker could conceivably cause some module to raise an
exception that includes attacker-supplied HTML in its message, for
example via a crafted filename. (OVE-20160505-0012)
The instances in preprocess() is just correctness. It is not a
cross-site scripting attack, because an attacker could equally well
write the desired HTML themselves; the sanitize hook is what
protects us from cross-site scripting here.
2016-05-05 23:43:17 +01:00
https://id.koumbit.net/anarcat
355ba85137
all good
2016-05-04 18:53:24 -04:00
smcv
e874ce623b
2016-05-04 18:35:33 -04:00
https://id.koumbit.net/anarcat
bd881a8ee6
response: confirmation it's a bug in MMD and Discount doesn't have footnotes, and request for workaround
2016-05-04 09:45:25 -04:00
smcv
291a09e537
discount (as used on this wiki) can do footnotes, but they aren't enabled by ikiwiki
2016-05-04 05:48:01 -04:00
smcv
337736663b
response
2016-05-04 05:38:27 -04:00
Joey Hess
f4b75b3b2c
response
2016-05-02 09:33:59 -04:00
https://id.koumbit.net/anarcat
017a7e9446
2016-04-29 00:32:02 -04:00
https://id.koumbit.net/anarcat
467f501d90
response
2016-04-28 20:13:05 -04:00
Joey Hess
fe7ec461d4
Merge branch 'master' of ssh://git.ikiwiki.info
2016-04-28 19:34:51 -04:00
Joey Hess
3aa705b38a
response
2016-04-28 19:32:58 -04:00
Joey Hess
95c0a63675
Merge remote-tracking branch 'origin/master'
2016-04-28 19:06:01 -04:00
https://id.koumbit.net/anarcat
1e38006bbc
2016-04-28 10:12:52 -04:00
https://id.koumbit.net/anarcat
965aa5c6fa
http/https issue
2016-04-28 10:08:05 -04:00
Antoine Beaupré
81852a7db7
smaller is too small for large blocks
2016-04-26 18:52:25 -04:00
Antoine Beaupré
e316ea9a7c
fix typo and comment
2016-04-26 18:50:47 -04:00
Antoine Beaupré
093ad8b890
new CSS bug
2016-04-26 18:46:59 -04:00
https://id.koumbit.net/anarcat
4871d48718
explain footnotes
2016-04-26 18:35:20 -04:00
desci
053f96e80b
Changed the expired domain and added question
2016-04-18 22:08:50 -04:00
RickHanson
344f831c2e
Fixed dead link.
2016-04-17 19:38:12 -04:00
Antoine Beaupré
da596e5c79
add screenshot
2016-04-15 18:11:29 -04:00
Antoine Beaupré
1719ad31ee
fix typos
2016-04-15 17:31:53 -04:00
Antoine Beaupré
8f67b981cd
announce the admonition plugin
2016-04-15 17:29:44 -04:00
Antoine Beaupré
fcf10269fc
elaborate copyright investigation. ugh.
2016-04-15 12:29:25 -04:00
Antoine Beaupré
ad5b749847
response
2016-04-15 11:17:02 -04:00
Antoine Beaupré
e5c93a6ac0
can't login again
2016-04-15 11:07:14 -04:00
smcv
f211764c1d
escape
2016-04-15 10:38:11 -04:00
smcv
18c9d18b76
templates are another way to do this
2016-04-15 10:37:43 -04:00
smcv
7493b4015b
2016-04-15 10:34:33 -04:00
Antoine Beaupré
568b0fe11d
a weird authentication bug
2016-04-15 10:14:50 -04:00
Antoine Beaupré
54f71deab5
admonitions proposal
2016-04-15 09:57:53 -04:00
desci
8eb3a06f1e
Arguing more
2016-04-15 08:24:38 -04:00
desci
65095203f5
Added systemd for nginx
2016-04-15 08:12:11 -04:00
desci
9bb481ccd7
2016-04-14 17:14:47 -04:00
spalax
96e2315499
Document new feature.
2016-04-14 12:43:32 -04:00
https://id.koumbit.net/anarcat
552b42f039
clarify that theme and css is not only to change stylesheets, but the look in general
2016-04-13 14:38:15 -04:00
https://id.koumbit.net/anarcat
df17472bbf
link to localstyle after a user struggled for hours to figure out exactly that
2016-04-13 14:37:22 -04:00
smcv
06a67db3f9
explain why multiple page.tmpl is a showstopper for upstream even if not for local themes
2016-04-12 02:00:21 -04:00
desci
687e3f94ea
2016-04-11 11:05:45 -04:00
desci
57f48eac19
Updated link
2016-04-11 11:03:22 -04:00
desci
2829486a81
Updated link
2016-04-11 11:01:54 -04:00
desci
5afcfd501a
Edited old sentence to reference the forum
2016-04-11 10:59:13 -04:00
desci
a25ad4f984
2016-04-11 10:57:37 -04:00
desci
3f95ac468a
Asked Joey to reconsider
2016-04-11 10:21:24 -04:00
desci
4071feaa2a
Added yet another bootstrap theme
2016-04-11 10:15:39 -04:00
desci
eef3e0350c
Added question
2016-04-11 10:12:17 -04:00
spwhitton
e6be5ee97a
There's also a config file option.
2016-04-09 10:48:54 -04:00
desci
47f4ac8f08
Marketing
2016-04-09 01:01:38 -04:00