Commit Graph

1953 Commits (5f2ad7b36e3e351963e4f1c47fcc4bfb5e0fff47)

Author SHA1 Message Date
Joey Hess d2cf716876 Avoid using named capture groups in heredoc code for oldperl compatability.
Also reordered heredoc part of regexp for consistency.
2011-07-30 20:12:33 +02:00
Joey Hess ed360d045a Fix escaping of html entities in tag names.
Example case was a tag with & in its name, which resulted in a malformed
rss feed.
2011-07-29 12:54:30 +02:00
Joey Hess 65a7bc4e06 Fix escaping of html entities in permalinks. 2011-07-29 12:37:43 +02:00
Joey Hess f2529edcab Fix typo in Danish translation of shortcuts page that caused expoentional regexp blowup.
Complex regular subexpression recursion limit (32766) exceeded at
/home/joey/src/ikiwiki/IkiWiki.pm line 1532.

This doesn't fix the blowup potential itself, it just fixes the typo. :)

A sample page that causes the blowup is attached below for future
reference. The first directive is not terminated. Contributing are the
additional quotes around the following directives, which mean that they can
each be processed as a parameter to the first directive, or as an
individual directive. In resolving this ambiguity, the regexp blows up.
Happily, perl contains the explosion , so I don't think there is an exploit
here.

"[[!shortcut name=wiktionary url=\"https://secure.wikimedia.org/wiktionary/en/"
"[[!shortcut name=debss url=\"http://snapshot.debian.net/package/%s\"]]"
"[[!shortcut name=debwiki url=\"http://wiki.debian.org/%s\"]]"
"[[!shortcut name=fdobug url=\"https://bugs.freedesktop.org/show_bug.cgi?id=%s\" desc=\"freedesktop.org bug #%s\"]]"
"[[!shortcut name=fdolist url=\"http://lists.freedesktop.org/mailman/listinfo/%s\" desc=\"%s@lists.freedesktop.org\"]]"
"[[!shortcut name=cpanrt url=\"https://rt.cpan.org/Ticket/Display.html?id=%s\" desc=\"CPAN RT#%s\"]]"
"[[!shortcut name=novellbug url=\"https://bugzilla.novell.com/show_bug.cgi?id=%s\" desc=\"bug %s\"]]"
"[[!shortcut name=fdolist url=\"http://lists.freedesktop.org/mailman/listinfo/%s\" desc=\"%s@lists.freedesktop.org\"]]"
"[[!shortcut name=gnomebug url=\"http://bugzilla.gnome.org/show_bug.cgi?id=%s\" desc=\"GNOME bug #%s\"]]"
"[[!shortcut name=linuxbug url=\"http://bugzilla.kernel.org/show_bug.cgi?id=%s\" desc=\"Linux bug #%s\"]]"
"[[!shortcut name=gmane url=\"http://dir.gmane.org/gmane.%s\" desc=\"gmane.%s\"]]"
"[[!shortcut name=gmanemsg url=\"http://mid.gmane.org/%s\"]]"
"[[!shortcut name=cpan url=\"http://search.cpan.org/search?mode=dist&query=%s\"]]"
"[[!shortcut name=ctan url=\"http://tug.ctan.org/cgi-bin/ctanPackageInformation.py?id=%s\"]]"
"[[!shortcut name=hoogle url=\"http://haskell.org/hoogle/?q=%s\"]]"
"[[!shortcut name=iki url=\"http://ikiwiki.info/%S/\"]]"
"[[!shortcut name=ljuser url=\"http://%s.livejournal.com/\"]]"
"[[!shortcut name=rfc url=\"http://www.ietf.org/rfc/rfc%s.txt\" desc=\"RFC %s\"]]"
"[[!shortcut name=c2 url=\"http://c2.com/cgi/wiki?%s\"]]"
"[[!shortcut name=meatballwiki url=\"http://www.usemod.com/cgi-bin/mb.pl?%s\"]]"
"[[!shortcut name=emacswiki url=\"http://www.emacswiki.org/cgi-bin/wiki/%s\"]]"
"[[!shortcut name=haskellwiki url=\"http://haskell.org/haskellwiki/%s\"]]"
"[[!shortcut name=dict url=\"http://www.dict.org/bin/Dict?Form=Dict1&Strategy=*&Database=*&Query=%s\"]]"
"[[!shortcut name=imdb url=\"http://imdb.com/find?q=%s\"]]"
"[[!shortcut name=gpg url=\"http://pgpkeys.mit.edu:11371/pks/lookup?op=vindex&exact=on&search=0x%s\"]]"
"[[!shortcut name=perldoc url=\"http://perldoc.perl.org/search.html?q=%s\"]]"
"[[!shortcut name=whois url=\"http://reports.internic.net/cgi/whois?whois_nic=%s&type=domain\"]]"
"[[!shortcut name=cve url=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=%s\"]]"
"[[!shortcut name=cia url=\"http://cia.vc/stats/project/%s\"]]"
"[[!shortcut name=ciauser url=\"http://cia.vc/stats/user/%s\"]]"
"[[!shortcut name=flickr url=\"http://www.flickr.com/photos/%s\"]]"
"[[!shortcut name=man url=\"http://linux.die.net/man/%s\"]]"
"[[!shortcut name=ohloh url=\"http://www.ohloh.net/projects/%s\"]]"
"[[!shortcut name=cpanrt url=\"https://rt.cpan.org/Ticket/Display.html?id=%s\" desc=\"CPAN RT#%s\"]]"
"[[!shortcut name=novellbug url=\"https://bugzilla.novell.com/show_bug.cgi?id=%s\" desc=\"bug %s\"]]"
2011-07-26 17:29:36 +02:00
Joey Hess ca435801d9 po: Add `LANG_CODE` and `LANG_NAME` template variables. (intrigeri) 2011-07-19 14:12:45 -04:00
Joey Hess e04cb1ffd3 mercurial: Implement rcs_diff. (Daniel Andersson) 2011-07-19 11:44:26 -04:00
Joey Hess 339b95e719 rcs_rename and rcs_remove also were in the big mercurial patch 2011-07-19 11:41:11 -04:00
Joey Hess b4db945b34 mercurial: Make both rcs_getctime and rcs_getmtime fast. (Daniel Andersson) 2011-07-19 11:39:32 -04:00
Joey Hess 86e1dc492f apply the big mercurial patch
* mercurial: openid nicknames are now used when committing. (Daniel Andersson)
* mercurial: implement rcs_commit_staged so comments, attachments, etc
  can be used. (Daniel Andersson)
* mercurial: fix viewing of a diff containing non-utf8 changes.
  (Daniel Andersson)
2011-07-19 11:26:14 -04:00
Joey Hess 98d2356ad0 releasing version 3.20110715 2011-07-15 18:57:24 -04:00
Joey Hess 4cd2efef8c fix two recently introduced bugs in rename
* rename: Fix logic error that broke renaming pages when the attachment
  plugin was disabled.
* rename: Fix logic error that bypassed the usual pagespec checks.
2011-07-15 18:46:16 -04:00
Joey Hess 70ce708b02 releasing version 3.20110712 2011-07-12 12:40:30 -04:00
Joey Hess 20577d8ecb Display attachment manipulation links always, since attachments can be uploaded via javascript.
Could arrange for them to be in a span that is hidden when there are no
attachments and make the javascript upload unhide it; this is a quick fix.
2011-07-11 21:38:48 -04:00
Joey Hess d23786cb6c attachment: Bugfix to create directory when moving attachment out of holding area. 2011-07-11 21:35:46 -04:00
Joey Hess 4ce2490e01 releasing version 3.20110711 2011-07-11 18:41:30 -04:00
Joey Hess 258b75c4f7 attachment: Bugfix to move upload attachments out of holding area when saving. 2011-07-11 18:34:17 -04:00
Joey Hess 45a058a2c7 Add build dep on python-support. Closes: #633536 2011-07-11 13:07:28 -04:00
Joey Hess a40b58c514 releasing version 3.20110707 2011-07-07 20:48:48 -04:00
Joey Hess 9f7d9ab356 Bugfix for trying to attach files to a subpage of the index page. 2011-07-07 20:32:14 -04:00
Joey Hess a965e02430 Bugfix for wikilink containing an email address not showing up in brokenlinks list. 2011-06-29 18:35:29 -04:00
Joey Hess a18a62aa30 inline: Handle obfuscated urls, such as the mailto urls generated by markdown when forcing urls absolute.
That took me 5 minutes. If anyone thinks obfuscated email urls stops, or
even slows down spammers, think again.
2011-06-29 18:12:58 -04:00
Joey Hess add72de71a merged smcv/comments-metadata 2011-06-29 17:57:53 -04:00
Joey Hess 9d7c1d5f7d Fix ikiwiki-update-wikilist -r to actually work. 2011-06-29 17:38:26 -04:00
Joey Hess 25b01f9404 Preserve mixed case in page creation links, and when creating a page whose title is mixed case, allow selecting between the mixed case and all lower-case names. 2011-06-29 16:38:32 -04:00
Joey Hess ae1857b43c img: Generate png format thumbnails for svg images.
Imagemagick does not generate svg images very well, but it can convert
them to png quite well.

For browsers that don't yet support displaying svg, this also provides a
workaround; just scale the svg down to get a png. But the workaround is
partial, since scaling the image larger, or leaving it the same size will
cause the original svg to be displayed. Since browsers are actively
improving svg support, this is good enough for me.
2011-06-29 14:40:30 -04:00
Joey Hess c90bc78d44 Support svg as a inlinable image type
svg images can be included on a page by simply linking to them, or by using
the img directive. Note that sanitizing svg files is still not addressed.
2011-06-29 14:17:47 -04:00
Joey Hess 46064d6d63 html5 is not experimental anymore. But not the default either, quite yet. 2011-06-23 09:41:21 -04:00
Joey Hess 886890b82d move headinganchors out of contrib 2011-06-21 15:22:35 -04:00
Joey Hess d96edbbe68 Add libtext-multimarkdown-perl to Suggests. Closes: #630705 2011-06-16 13:13:08 -04:00
Joey Hess 6ebb4e262e show ikiwiki error when attachment is rejected 2011-06-16 13:01:23 -04:00
Joey Hess d4a0732752 let thru HTTP_ACCEPT
Needed for attachment to return json when requested.

I think some browsers send Accept: * , so I made sure to check that json
was explicitly listed as to be accepted, as well as having a high
priority.
2011-06-15 20:02:14 -04:00
Joey Hess a695b5b2f8 updated jquery and made it its own underlay 2011-06-15 19:15:06 -04:00
Joey Hess 8e15f664c4 aggregate: Improve checking for too long aggregated filenames.
Two problems fixed:

1. Files are written with a .ikiwiki-new suffix, which has to be taken into
   account.
2. Need to count length of bytes, not of unicode characters.
2011-06-10 18:47:57 -04:00
Joey Hess cf707d1654 userlist: New plugin, lets admins see a list of users and their info. 2011-06-09 10:10:27 -04:00
Joey Hess 4fdeda0e34 ikiwiki-mass-rebuild: Fix tty hijacking vulnerability by using su. (Once su's related bug #628843 is fixed.) Thanks, Ludwig Nussel. (CVE-2011-1408) 2011-06-08 17:42:07 -04:00
Joey Hess d7c4001748 search: Update search page when page.tmpl or searchquery.tmpl are locally modified. 2011-06-03 20:31:20 -04:00
Joey Hess 0423cac6de let's assume some web server will think OFF is a good idea.. 2011-06-03 14:41:13 -04:00
Joey Hess 254080bc85 Support the Hiawatha web server which sets HTTPS=off rather than not setting it. (There does not seem to be a standard here.) 2011-06-03 14:36:31 -04:00
Joey Hess 3b8fc54717 merged po4a robustness workaround 2011-06-03 12:39:09 -04:00
Joey Hess 50bc05e7fb changelog 2011-06-03 12:32:42 -04:00
Joey Hess 30c3ceeaa2 Changed license of madduck's python plugins from GPL-2 to BSD-2-clause.
Apparently the rst library is changing to a GPL-2 incompatable license.

"madduck: joeyh: so yes, do as you think is right."
2011-05-19 14:37:16 -04:00
Joey Hess b4dd83642a merged quoting changes 2011-05-13 11:24:16 -04:00
Joey Hess 97a8d30dc1 Support YAML::XS by not passing decoded unicode to Load. Closes: #625713 2011-05-12 17:50:25 -04:00
Joey Hess b2754fa272 openid: also use Net::INET6Glue if available 2011-05-09 18:15:35 -04:00
Joey Hess 825f81340a aggregate, pinger: Use Net::INET6Glue if available to support making ipv6 connections.
Making outgoing ipv6 connections for openid auth is still broken; the glue
module does not seem to solve that, so I did not make openid use it.
2011-05-09 14:00:48 -04:00
Joey Hess fc79f2252e Add conflict with libyaml-libyaml-perl, since that library does not support utf8. Closes: #625713 (see https://rt.cpan.org/Public/Bug/Display.html?id=54683) 2011-05-06 14:38:27 -04:00
Joey Hess adabab4cc6 changelog 2011-05-06 14:32:55 -04:00
Joey Hess 4a27adfa72 Danish translation update. Closes: #625721 2011-05-05 13:02:31 -04:00
Joey Hess e02b903054 releasing version 3.20110430 2011-04-30 17:27:18 -04:00
Joey Hess be0833b856 close bug already fixed a month ago in git 2011-04-30 16:40:52 -04:00
Joey Hess bad5072c02 tag: Avoid autocreating multiple tag pages that vary only in capitalization. The first capitalization seen of a tag will be used for the tag page.
Arguably, the real bug is in the interface to add_autofile, but since
that does take a filename, not a page name, it cannot really do case
handling on its own. The only other users of add_autofile in ikiwiki proper
is autoindex, and it always uses one case. Other third party plugins might
also need to add similar workarounds though.
2011-04-30 16:30:07 -04:00
Joey Hess e258575c12 Promote Crypt::SSLeay to Recommends; needed for https openid auth. 2011-04-30 12:06:32 -04:00
Joey Hess 270fd45c5d meta: Add FOAF support. Closes: #623156 (Jonas Smedegaard) 2011-04-21 19:52:39 -04:00
Joey Hess 795da42b29 changelog 2011-04-21 14:18:56 -04:00
Joey Hess df81a2d208 bug closure 2011-04-17 17:57:23 -04:00
Joey Hess d22489299a meta: Fix bug in loading of HTML::Entities that can break inline archive=yes (mostly masked by other plugins that load the module). 2011-04-12 12:30:24 -04:00
Joey Hess 5bdc7f4645 document fix I'm about to merge 2011-03-30 14:11:38 -04:00
Joey Hess 21f3eb5bc0 fix 2011-03-30 11:32:47 -04:00
Joey Hess 5013e6b0bd update for libravatar support
* comments: Add avatar picture of comment author, using Libravatar::URL
  when available. The avatar is looked up based on  (Thanks, Francois Marier)
* Recommend libgravatar-url-perl, which contains Libravatar::URL.
2011-03-30 10:55:36 -04:00
Joey Hess 0204dabccf CVE assigned 2011-03-28 19:10:08 -04:00
Joey Hess e548b0c245 changelog 2011-03-28 13:09:03 -04:00
Joey Hess 232c8a6dfc releasing version 3.20110328 2011-03-28 12:30:57 -04:00
Joey Hess be02a80b7a meta: Security fix; don't allow alternative stylesheets to be added on pages where the htmlscrubber is enabled. 2011-03-28 12:21:12 -04:00
Joey Hess a0e31f38d5 comment: Better fix to avoid showing comments of subpages, while not breaking manual inlining of comments. 2011-03-28 11:53:55 -04:00
Joey Hess 9df8971e57 Yaml formatted setup files are now produced by default
This has been a while coming. It turns out that non-excutable setup files
have a number of benefits. Also, I find YAML setup files easier to edit
myself, and I suspect many users will prefer not needing to deal with
perl syntax.
2011-03-24 21:30:18 -04:00
Joey Hess 78c750f2d2 Add timezone setting in setup file. This alows time zone to be configured via the web. 2011-03-24 13:36:16 -04:00
Joey Hess 5c2ba98bcc releasing version 3.20110321 2011-03-21 15:01:19 -04:00
Joey Hess 26eb86d903 Avoid escaping / characters in filenames when building the cgiurl, as this confuses eg, cvsweb. 2011-03-21 14:21:55 -04:00
Joey Hess b02d3746e1 aggregate: Read cookies from ~/.ikiwiki/cookies by default. Also, the cookiejar configuration setting can be used by other plugins to provide a custom `cookie_jar` object for LWP::UserAgent. (Thanks, schmonz) 2011-03-21 14:19:21 -04:00
Joey Hess 7e4a0c2930 darcs: Fix multiple issues preventing rcs_diff from working. 2011-03-02 12:39:58 -04:00
Joey Hess b34d31142b comment: Don't show comments of subpages on parent pages. (Fixes bug introduced in version 3.20100505.) 2011-02-27 18:16:07 -04:00
Joey Hess c58e0a97bf releasing version 3.20110225 2011-02-25 19:59:06 -04:00
Joey Hess b2a8f0f5b4 bookeeping 2011-02-22 17:34:19 -04:00
Joey Hess 9836bceaa5 bookeeping 2011-02-22 17:25:53 -04:00
Joey Hess 04498cdeb4 Fix broken baseurl in cgi mode when usedirs is disabled. Bug introduced in 3.20101231. 2011-02-21 14:57:15 -04:00
Joey Hess 44695122bf map: Avoid unnecessary ul's in maps with nested directories. (Giuseppe Bilotta) 2011-02-09 14:46:38 -04:00
Joey Hess 1879fe63be transient merged; bookkeeping 2011-02-09 14:18:48 -04:00
Joey Hess 8e604c0f0a htmltidy: Avoid breaking the sidebar when websetup is running.
Problem was this: websetup loads all plugins, but does not checkconfig
them. So, htmltidy's recently added configurable command setting was unset;
this resulted in its sanitize hook failing; the sanitize hook is called
when a sidebar was enabled, and this caused the sidebar to not display.

I put in a fix, but the underlying problem is that websetup loads all
plugins but leaves them in an unconfigured and possibly broken state while
trying to display its forms.

Probably the long-term fix is to have it cache the original hook states from
before loading the plugins, and restore it after getting their configuration.
Or, even to get the configuration using a subprocess, as plugins may do things
outside the hook system.
2011-02-03 12:49:13 -04:00
Joey Hess b752e7fec4 editpage: Avoid inheriting internal page types. 2011-02-01 21:01:26 -04:00
Joey Hess 2c8cb980bb releasing version 3.20110124 2011-01-24 17:11:53 -04:00
Joey Hess 80452eba92 inline: Fix regression in feed titles. Closes: #610878 (Thanks, Paul Wise) 2011-01-24 17:01:01 -04:00
Joey Hess 1640d12102 blogspam: Don't check modifications from admins for spam, and also allow the blogspam_pagespec to do other matches against who the user is. 2011-01-24 16:59:15 -04:00
Joey Hess 2be49b623a bleagh 2011-01-24 16:56:28 -04:00
Joey Hess 4d79b58381 releasing version 3.20110123 2011-01-23 10:26:12 -04:00
Joey Hess 0e224058e7 Adapt autoindex test suite to work with old Test::More. 2011-01-22 11:00:57 -04:00
Joey Hess 24792dabe4 releasing version 3.20110122 2011-01-22 10:44:33 -04:00
Joey Hess b5d7469830 rename: Fix crash when renaming a page that is linked to by a page in an underlay.
Skip fixing links in such pages. The user will get a list of pages that
still link to the old page.
2011-01-22 10:20:38 -04:00
Joey Hess dcfeaaad5b comments: Fix XSS security hole due to missing validation of page name.
Values have to be checked against wiki_file_regexp, not just file_pruned.
Audited the rest of the code base for similar problems, found none.
2011-01-22 10:15:33 -04:00
Joey Hess 9b6e333170 picked 2011-01-14 14:37:43 -04:00
Joey Hess e112372a38 update 2011-01-06 14:42:13 -04:00
Joey Hess 2cd8988648 releasing version 3.20110105 2011-01-05 18:19:26 -04:00
Joey Hess d991ccf134 use cgitemplate, remove misctemplate 2011-01-05 17:15:38 -04:00
Joey Hess 4dbb8120f7 Export three cgi env vars needed for CGI->url to work. 2011-01-05 16:08:21 -04:00
Joey Hess 3eabf323f0 Fix permalinks to recentchanges items and comments, broken by last release.
permalinks always need to be full urls
2011-01-05 15:22:55 -04:00
Joey Hess 6b5b0a3282 Temporarily revert one part of the multiple url support in the last release. Non-edit pages are now back to having `<base>` set to the site's main url. 2011-01-05 15:01:31 -04:00
Joey Hess 270cbd7cf5 Fix redirect to use a full url.
Was broken (in theory) by baseurl changes in last release.
2011-01-05 14:57:04 -04:00
Joey Hess 8c9c3915ec Fix base url when previewing. Was broken by urlto changes in last release.
Added a showform_preview that is like showform, but sets forcebaseurl
to point to the page being previewed.
2011-01-05 13:50:42 -04:00
Joey Hess 3841d709d7 bugfix 2011-01-04 16:02:31 -04:00
Joey Hess 84224c78a0 releasing version 3.20101231 2010-12-31 21:34:52 -04:00
Joey Hess 7d0ef85d80 git: Fix bug involving attempting to web revert a commit that included changes to attachments. 2010-12-29 20:19:58 -04:00