Joey Hess
f2529edcab
Fix typo in Danish translation of shortcuts page that caused expoentional regexp blowup.
...
Complex regular subexpression recursion limit (32766) exceeded at
/home/joey/src/ikiwiki/IkiWiki.pm line 1532.
This doesn't fix the blowup potential itself, it just fixes the typo. :)
A sample page that causes the blowup is attached below for future
reference. The first directive is not terminated. Contributing are the
additional quotes around the following directives, which mean that they can
each be processed as a parameter to the first directive, or as an
individual directive. In resolving this ambiguity, the regexp blows up.
Happily, perl contains the explosion , so I don't think there is an exploit
here.
"[[!shortcut name=wiktionary url=\"https://secure.wikimedia.org/wiktionary/en/ "
"[[!shortcut name=debss url=\"http://snapshot.debian.net/package/%s \"]]"
"[[!shortcut name=debwiki url=\"http://wiki.debian.org/%s \"]]"
"[[!shortcut name=fdobug url=\"https://bugs.freedesktop.org/show_bug.cgi?id=%s \" desc=\"freedesktop.org bug #%s\"]]"
"[[!shortcut name=fdolist url=\"http://lists.freedesktop.org/mailman/listinfo/%s \" desc=\"%s@lists.freedesktop.org\"]]"
"[[!shortcut name=cpanrt url=\"https://rt.cpan.org/Ticket/Display.html?id=%s \" desc=\"CPAN RT#%s\"]]"
"[[!shortcut name=novellbug url=\"https://bugzilla.novell.com/show_bug.cgi?id=%s \" desc=\"bug %s\"]]"
"[[!shortcut name=fdolist url=\"http://lists.freedesktop.org/mailman/listinfo/%s \" desc=\"%s@lists.freedesktop.org\"]]"
"[[!shortcut name=gnomebug url=\"http://bugzilla.gnome.org/show_bug.cgi?id=%s \" desc=\"GNOME bug #%s\"]]"
"[[!shortcut name=linuxbug url=\"http://bugzilla.kernel.org/show_bug.cgi?id=%s \" desc=\"Linux bug #%s\"]]"
"[[!shortcut name=gmane url=\"http://dir.gmane.org/gmane.%s \" desc=\"gmane.%s\"]]"
"[[!shortcut name=gmanemsg url=\"http://mid.gmane.org/%s \"]]"
"[[!shortcut name=cpan url=\"http://search.cpan.org/search?mode=dist&query=%s \"]]"
"[[!shortcut name=ctan url=\"http://tug.ctan.org/cgi-bin/ctanPackageInformation.py?id=%s \"]]"
"[[!shortcut name=hoogle url=\"http://haskell.org/hoogle/?q=%s \"]]"
"[[!shortcut name=iki url=\"http://ikiwiki.info/%S/ \"]]"
"[[!shortcut name=ljuser url=\"http://%s.livejournal.com/ \"]]"
"[[!shortcut name=rfc url=\"http://www.ietf.org/rfc/rfc%s.txt \" desc=\"RFC %s\"]]"
"[[!shortcut name=c2 url=\"http://c2.com/cgi/wiki?%s \"]]"
"[[!shortcut name=meatballwiki url=\"http://www.usemod.com/cgi-bin/mb.pl?%s \"]]"
"[[!shortcut name=emacswiki url=\"http://www.emacswiki.org/cgi-bin/wiki/%s \"]]"
"[[!shortcut name=haskellwiki url=\"http://haskell.org/haskellwiki/%s \"]]"
"[[!shortcut name=dict url=\"http://www.dict.org/bin/Dict?Form=Dict1&Strategy=*&Database=*&Query=%s \"]]"
"[[!shortcut name=imdb url=\"http://imdb.com/find?q=%s \"]]"
"[[!shortcut name=gpg url=\"http://pgpkeys.mit.edu:11371/pks/lookup?op=vindex&exact=on&search=0x%s \"]]"
"[[!shortcut name=perldoc url=\"http://perldoc.perl.org/search.html?q=%s \"]]"
"[[!shortcut name=whois url=\"http://reports.internic.net/cgi/whois?whois_nic=%s&type=domain \"]]"
"[[!shortcut name=cve url=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=%s \"]]"
"[[!shortcut name=cia url=\"http://cia.vc/stats/project/%s \"]]"
"[[!shortcut name=ciauser url=\"http://cia.vc/stats/user/%s \"]]"
"[[!shortcut name=flickr url=\"http://www.flickr.com/photos/%s \"]]"
"[[!shortcut name=man url=\"http://linux.die.net/man/%s \"]]"
"[[!shortcut name=ohloh url=\"http://www.ohloh.net/projects/%s \"]]"
"[[!shortcut name=cpanrt url=\"https://rt.cpan.org/Ticket/Display.html?id=%s \" desc=\"CPAN RT#%s\"]]"
"[[!shortcut name=novellbug url=\"https://bugzilla.novell.com/show_bug.cgi?id=%s \" desc=\"bug %s\"]]"
2011-07-26 17:29:36 +02:00
Joey Hess
ca435801d9
po: Add `LANG_CODE` and `LANG_NAME` template variables. (intrigeri)
2011-07-19 14:12:45 -04:00
Joey Hess
e04cb1ffd3
mercurial: Implement rcs_diff. (Daniel Andersson)
2011-07-19 11:44:26 -04:00
Joey Hess
339b95e719
rcs_rename and rcs_remove also were in the big mercurial patch
2011-07-19 11:41:11 -04:00
Joey Hess
b4db945b34
mercurial: Make both rcs_getctime and rcs_getmtime fast. (Daniel Andersson)
2011-07-19 11:39:32 -04:00
Joey Hess
86e1dc492f
apply the big mercurial patch
...
* mercurial: openid nicknames are now used when committing. (Daniel Andersson)
* mercurial: implement rcs_commit_staged so comments, attachments, etc
can be used. (Daniel Andersson)
* mercurial: fix viewing of a diff containing non-utf8 changes.
(Daniel Andersson)
2011-07-19 11:26:14 -04:00
Joey Hess
98d2356ad0
releasing version 3.20110715
2011-07-15 18:57:24 -04:00
Joey Hess
4cd2efef8c
fix two recently introduced bugs in rename
...
* rename: Fix logic error that broke renaming pages when the attachment
plugin was disabled.
* rename: Fix logic error that bypassed the usual pagespec checks.
2011-07-15 18:46:16 -04:00
Joey Hess
70ce708b02
releasing version 3.20110712
2011-07-12 12:40:30 -04:00
Joey Hess
20577d8ecb
Display attachment manipulation links always, since attachments can be uploaded via javascript.
...
Could arrange for them to be in a span that is hidden when there are no
attachments and make the javascript upload unhide it; this is a quick fix.
2011-07-11 21:38:48 -04:00
Joey Hess
d23786cb6c
attachment: Bugfix to create directory when moving attachment out of holding area.
2011-07-11 21:35:46 -04:00
Joey Hess
4ce2490e01
releasing version 3.20110711
2011-07-11 18:41:30 -04:00
Joey Hess
258b75c4f7
attachment: Bugfix to move upload attachments out of holding area when saving.
2011-07-11 18:34:17 -04:00
Joey Hess
45a058a2c7
Add build dep on python-support. Closes : #633536
2011-07-11 13:07:28 -04:00
Joey Hess
a40b58c514
releasing version 3.20110707
2011-07-07 20:48:48 -04:00
Joey Hess
9f7d9ab356
Bugfix for trying to attach files to a subpage of the index page.
2011-07-07 20:32:14 -04:00
Joey Hess
a965e02430
Bugfix for wikilink containing an email address not showing up in brokenlinks list.
2011-06-29 18:35:29 -04:00
Joey Hess
a18a62aa30
inline: Handle obfuscated urls, such as the mailto urls generated by markdown when forcing urls absolute.
...
That took me 5 minutes. If anyone thinks obfuscated email urls stops, or
even slows down spammers, think again.
2011-06-29 18:12:58 -04:00
Joey Hess
add72de71a
merged smcv/comments-metadata
2011-06-29 17:57:53 -04:00
Joey Hess
9d7c1d5f7d
Fix ikiwiki-update-wikilist -r to actually work.
2011-06-29 17:38:26 -04:00
Joey Hess
25b01f9404
Preserve mixed case in page creation links, and when creating a page whose title is mixed case, allow selecting between the mixed case and all lower-case names.
2011-06-29 16:38:32 -04:00
Joey Hess
ae1857b43c
img: Generate png format thumbnails for svg images.
...
Imagemagick does not generate svg images very well, but it can convert
them to png quite well.
For browsers that don't yet support displaying svg, this also provides a
workaround; just scale the svg down to get a png. But the workaround is
partial, since scaling the image larger, or leaving it the same size will
cause the original svg to be displayed. Since browsers are actively
improving svg support, this is good enough for me.
2011-06-29 14:40:30 -04:00
Joey Hess
c90bc78d44
Support svg as a inlinable image type
...
svg images can be included on a page by simply linking to them, or by using
the img directive. Note that sanitizing svg files is still not addressed.
2011-06-29 14:17:47 -04:00
Joey Hess
46064d6d63
html5 is not experimental anymore. But not the default either, quite yet.
2011-06-23 09:41:21 -04:00
Joey Hess
886890b82d
move headinganchors out of contrib
2011-06-21 15:22:35 -04:00
Joey Hess
d96edbbe68
Add libtext-multimarkdown-perl to Suggests. Closes : #630705
2011-06-16 13:13:08 -04:00
Joey Hess
6ebb4e262e
show ikiwiki error when attachment is rejected
2011-06-16 13:01:23 -04:00
Joey Hess
d4a0732752
let thru HTTP_ACCEPT
...
Needed for attachment to return json when requested.
I think some browsers send Accept: * , so I made sure to check that json
was explicitly listed as to be accepted, as well as having a high
priority.
2011-06-15 20:02:14 -04:00
Joey Hess
a695b5b2f8
updated jquery and made it its own underlay
2011-06-15 19:15:06 -04:00
Joey Hess
8e15f664c4
aggregate: Improve checking for too long aggregated filenames.
...
Two problems fixed:
1. Files are written with a .ikiwiki-new suffix, which has to be taken into
account.
2. Need to count length of bytes, not of unicode characters.
2011-06-10 18:47:57 -04:00
Joey Hess
cf707d1654
userlist: New plugin, lets admins see a list of users and their info.
2011-06-09 10:10:27 -04:00
Joey Hess
4fdeda0e34
ikiwiki-mass-rebuild: Fix tty hijacking vulnerability by using su. (Once su's related bug #628843 is fixed.) Thanks, Ludwig Nussel. (CVE-2011-1408)
2011-06-08 17:42:07 -04:00
Joey Hess
d7c4001748
search: Update search page when page.tmpl or searchquery.tmpl are locally modified.
2011-06-03 20:31:20 -04:00
Joey Hess
0423cac6de
let's assume some web server will think OFF is a good idea..
2011-06-03 14:41:13 -04:00
Joey Hess
254080bc85
Support the Hiawatha web server which sets HTTPS=off rather than not setting it. (There does not seem to be a standard here.)
2011-06-03 14:36:31 -04:00
Joey Hess
3b8fc54717
merged po4a robustness workaround
2011-06-03 12:39:09 -04:00
Joey Hess
50bc05e7fb
changelog
2011-06-03 12:32:42 -04:00
Joey Hess
30c3ceeaa2
Changed license of madduck's python plugins from GPL-2 to BSD-2-clause.
...
Apparently the rst library is changing to a GPL-2 incompatable license.
"madduck: joeyh: so yes, do as you think is right."
2011-05-19 14:37:16 -04:00
Joey Hess
b4dd83642a
merged quoting changes
2011-05-13 11:24:16 -04:00
Joey Hess
97a8d30dc1
Support YAML::XS by not passing decoded unicode to Load. Closes : #625713
2011-05-12 17:50:25 -04:00
Joey Hess
b2754fa272
openid: also use Net::INET6Glue if available
2011-05-09 18:15:35 -04:00
Joey Hess
825f81340a
aggregate, pinger: Use Net::INET6Glue if available to support making ipv6 connections.
...
Making outgoing ipv6 connections for openid auth is still broken; the glue
module does not seem to solve that, so I did not make openid use it.
2011-05-09 14:00:48 -04:00
Joey Hess
fc79f2252e
Add conflict with libyaml-libyaml-perl, since that library does not support utf8. Closes : #625713 (see https://rt.cpan.org/Public/Bug/Display.html?id=54683 )
2011-05-06 14:38:27 -04:00
Joey Hess
adabab4cc6
changelog
2011-05-06 14:32:55 -04:00
Joey Hess
4a27adfa72
Danish translation update. Closes : #625721
2011-05-05 13:02:31 -04:00
Joey Hess
e02b903054
releasing version 3.20110430
2011-04-30 17:27:18 -04:00
Joey Hess
be0833b856
close bug already fixed a month ago in git
2011-04-30 16:40:52 -04:00
Joey Hess
bad5072c02
tag: Avoid autocreating multiple tag pages that vary only in capitalization. The first capitalization seen of a tag will be used for the tag page.
...
Arguably, the real bug is in the interface to add_autofile, but since
that does take a filename, not a page name, it cannot really do case
handling on its own. The only other users of add_autofile in ikiwiki proper
is autoindex, and it always uses one case. Other third party plugins might
also need to add similar workarounds though.
2011-04-30 16:30:07 -04:00
Joey Hess
e258575c12
Promote Crypt::SSLeay to Recommends; needed for https openid auth.
2011-04-30 12:06:32 -04:00
Joey Hess
270fd45c5d
meta: Add FOAF support. Closes : #623156 (Jonas Smedegaard)
2011-04-21 19:52:39 -04:00
Joey Hess
795da42b29
changelog
2011-04-21 14:18:56 -04:00
Joey Hess
df81a2d208
bug closure
2011-04-17 17:57:23 -04:00
Joey Hess
d22489299a
meta: Fix bug in loading of HTML::Entities that can break inline archive=yes (mostly masked by other plugins that load the module).
2011-04-12 12:30:24 -04:00
Joey Hess
5bdc7f4645
document fix I'm about to merge
2011-03-30 14:11:38 -04:00
Joey Hess
21f3eb5bc0
fix
2011-03-30 11:32:47 -04:00
Joey Hess
5013e6b0bd
update for libravatar support
...
* comments: Add avatar picture of comment author, using Libravatar::URL
when available. The avatar is looked up based on (Thanks, Francois Marier)
* Recommend libgravatar-url-perl, which contains Libravatar::URL.
2011-03-30 10:55:36 -04:00
Joey Hess
0204dabccf
CVE assigned
2011-03-28 19:10:08 -04:00
Joey Hess
e548b0c245
changelog
2011-03-28 13:09:03 -04:00
Joey Hess
232c8a6dfc
releasing version 3.20110328
2011-03-28 12:30:57 -04:00
Joey Hess
be02a80b7a
meta: Security fix; don't allow alternative stylesheets to be added on pages where the htmlscrubber is enabled.
2011-03-28 12:21:12 -04:00
Joey Hess
a0e31f38d5
comment: Better fix to avoid showing comments of subpages, while not breaking manual inlining of comments.
2011-03-28 11:53:55 -04:00
Joey Hess
9df8971e57
Yaml formatted setup files are now produced by default
...
This has been a while coming. It turns out that non-excutable setup files
have a number of benefits. Also, I find YAML setup files easier to edit
myself, and I suspect many users will prefer not needing to deal with
perl syntax.
2011-03-24 21:30:18 -04:00
Joey Hess
78c750f2d2
Add timezone setting in setup file. This alows time zone to be configured via the web.
2011-03-24 13:36:16 -04:00
Joey Hess
5c2ba98bcc
releasing version 3.20110321
2011-03-21 15:01:19 -04:00
Joey Hess
26eb86d903
Avoid escaping / characters in filenames when building the cgiurl, as this confuses eg, cvsweb.
2011-03-21 14:21:55 -04:00
Joey Hess
b02d3746e1
aggregate: Read cookies from ~/.ikiwiki/cookies by default. Also, the cookiejar configuration setting can be used by other plugins to provide a custom `cookie_jar` object for LWP::UserAgent. (Thanks, schmonz)
2011-03-21 14:19:21 -04:00
Joey Hess
7e4a0c2930
darcs: Fix multiple issues preventing rcs_diff from working.
2011-03-02 12:39:58 -04:00
Joey Hess
b34d31142b
comment: Don't show comments of subpages on parent pages. (Fixes bug introduced in version 3.20100505.)
2011-02-27 18:16:07 -04:00
Joey Hess
c58e0a97bf
releasing version 3.20110225
2011-02-25 19:59:06 -04:00
Joey Hess
b2a8f0f5b4
bookeeping
2011-02-22 17:34:19 -04:00
Joey Hess
9836bceaa5
bookeeping
2011-02-22 17:25:53 -04:00
Joey Hess
04498cdeb4
Fix broken baseurl in cgi mode when usedirs is disabled. Bug introduced in 3.20101231.
2011-02-21 14:57:15 -04:00
Joey Hess
44695122bf
map: Avoid unnecessary ul's in maps with nested directories. (Giuseppe Bilotta)
2011-02-09 14:46:38 -04:00
Joey Hess
1879fe63be
transient merged; bookkeeping
2011-02-09 14:18:48 -04:00
Joey Hess
8e604c0f0a
htmltidy: Avoid breaking the sidebar when websetup is running.
...
Problem was this: websetup loads all plugins, but does not checkconfig
them. So, htmltidy's recently added configurable command setting was unset;
this resulted in its sanitize hook failing; the sanitize hook is called
when a sidebar was enabled, and this caused the sidebar to not display.
I put in a fix, but the underlying problem is that websetup loads all
plugins but leaves them in an unconfigured and possibly broken state while
trying to display its forms.
Probably the long-term fix is to have it cache the original hook states from
before loading the plugins, and restore it after getting their configuration.
Or, even to get the configuration using a subprocess, as plugins may do things
outside the hook system.
2011-02-03 12:49:13 -04:00
Joey Hess
b752e7fec4
editpage: Avoid inheriting internal page types.
2011-02-01 21:01:26 -04:00
Joey Hess
2c8cb980bb
releasing version 3.20110124
2011-01-24 17:11:53 -04:00
Joey Hess
80452eba92
inline: Fix regression in feed titles. Closes : #610878 (Thanks, Paul Wise)
2011-01-24 17:01:01 -04:00
Joey Hess
1640d12102
blogspam: Don't check modifications from admins for spam, and also allow the blogspam_pagespec to do other matches against who the user is.
2011-01-24 16:59:15 -04:00
Joey Hess
2be49b623a
bleagh
2011-01-24 16:56:28 -04:00
Joey Hess
4d79b58381
releasing version 3.20110123
2011-01-23 10:26:12 -04:00
Joey Hess
0e224058e7
Adapt autoindex test suite to work with old Test::More.
2011-01-22 11:00:57 -04:00
Joey Hess
24792dabe4
releasing version 3.20110122
2011-01-22 10:44:33 -04:00
Joey Hess
b5d7469830
rename: Fix crash when renaming a page that is linked to by a page in an underlay.
...
Skip fixing links in such pages. The user will get a list of pages that
still link to the old page.
2011-01-22 10:20:38 -04:00
Joey Hess
dcfeaaad5b
comments: Fix XSS security hole due to missing validation of page name.
...
Values have to be checked against wiki_file_regexp, not just file_pruned.
Audited the rest of the code base for similar problems, found none.
2011-01-22 10:15:33 -04:00
Joey Hess
9b6e333170
picked
2011-01-14 14:37:43 -04:00
Joey Hess
e112372a38
update
2011-01-06 14:42:13 -04:00
Joey Hess
2cd8988648
releasing version 3.20110105
2011-01-05 18:19:26 -04:00
Joey Hess
d991ccf134
use cgitemplate, remove misctemplate
2011-01-05 17:15:38 -04:00
Joey Hess
4dbb8120f7
Export three cgi env vars needed for CGI->url to work.
2011-01-05 16:08:21 -04:00
Joey Hess
3eabf323f0
Fix permalinks to recentchanges items and comments, broken by last release.
...
permalinks always need to be full urls
2011-01-05 15:22:55 -04:00
Joey Hess
6b5b0a3282
Temporarily revert one part of the multiple url support in the last release. Non-edit pages are now back to having `<base>` set to the site's main url.
2011-01-05 15:01:31 -04:00
Joey Hess
270cbd7cf5
Fix redirect to use a full url.
...
Was broken (in theory) by baseurl changes in last release.
2011-01-05 14:57:04 -04:00
Joey Hess
8c9c3915ec
Fix base url when previewing. Was broken by urlto changes in last release.
...
Added a showform_preview that is like showform, but sets forcebaseurl
to point to the page being previewed.
2011-01-05 13:50:42 -04:00
Joey Hess
3841d709d7
bugfix
2011-01-04 16:02:31 -04:00
Joey Hess
84224c78a0
releasing version 3.20101231
2010-12-31 21:34:52 -04:00
Joey Hess
7d0ef85d80
git: Fix bug involving attempting to web revert a commit that included changes to attachments.
2010-12-29 20:19:58 -04:00
Joey Hess
4fb26f4e60
Add a second parameter to the rcs_diff hook, and avoid bloating memory reading in enormous commits.
2010-12-29 19:58:49 -04:00
Joey Hess
1c430def77
highlight: Support highlight 3.2+svn19 (note that released version 3.2 is not supported). Closes : #605779 (David Bremner)
2010-12-29 13:08:09 -04:00
Joey Hess
83b685abb5
changelog
2010-12-28 13:52:01 -04:00