Joey Hess
78e740f643
web commit by http://sabr.myopenid.com/
2008-04-12 22:23:55 -04:00
Joey Hess
c70160e995
web commit by http://sabr.myopenid.com/
2008-04-12 22:15:21 -04:00
Joey Hess
d97ca8c610
web commit by http://sabr.myopenid.com/
2008-04-12 20:36:15 -04:00
Joey Hess
378c2696d9
web commit by http://sabr.myopenid.com/
2008-04-12 20:13:42 -04:00
Joey Hess
7518b245f2
web commit by http://sabr.myopenid.com/
2008-04-12 20:05:34 -04:00
Joey Hess
060ceaba1f
web commit by http://sabr.myopenid.com/
2008-04-12 20:04:59 -04:00
Joey Hess
4988a901c8
web commit by http://sabr.myopenid.com/
2008-04-12 20:04:29 -04:00
Joey Hess
7178de28da
web commit by tschwinge: Modify.
2008-04-12 18:01:54 -04:00
Joey Hess
461f907403
web commit by http://sabr.myopenid.com/
2008-04-12 17:57:09 -04:00
Joey Hess
3b7b057e01
patch, thoughts
2008-04-12 17:19:32 -04:00
Joey Hess
d17e1d8c9d
Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info
2008-04-12 17:12:40 -04:00
Joey Hess
57035d610e
web commit by http://sabr.myopenid.com/
2008-04-12 13:21:11 -04:00
Joey Hess
14b59caba3
Recommend a recent git-core for git init. Closes: 475609
2008-04-11 20:06:23 -04:00
Joey Hess
1f4dec34e2
web commit by cjb: Added wiktionary shortcut
2008-04-10 21:55:25 -04:00
Joey Hess
26c96e1f10
web commit by http://sabr.myopenid.com/
2008-04-10 20:18:20 -04:00
Joey Hess
2718fc2b25
response
2008-04-10 19:54:38 -04:00
Joey Hess
92e39d7391
cannot reproduce
2008-04-10 19:32:43 -04:00
Joey Hess
abde579038
response
2008-04-10 19:25:23 -04:00
Joey Hess
51f75484d7
let's move the access keys discussion out to the todo item about it
2008-04-10 19:18:34 -04:00
Joey Hess
d9275303cc
correct the command line used to generate the favicon
2008-04-10 18:51:21 -04:00
Joey Hess
58e346d229
correct utf-8 damage introduced by jblevins's modification of this page
2008-04-10 18:00:17 -04:00
Joey Hess
235b6d18b6
change wording
2008-04-10 17:59:11 -04:00
Joey Hess
04d601f419
response
2008-04-10 17:53:24 -04:00
Joey Hess
2beb279806
Give the full path to the hyperestraier helpfile in estseek.conf.
2008-04-10 17:50:43 -04:00
Joey Hess
b698bf2408
Use bzr --quiet to avoid it outputting stuff and messing up http headers. (Scott Bronson)
2008-04-10 17:44:40 -04:00
Joey Hess
e4395a567b
Fix broken rcs_update for bzr. (Scott Bronson)
2008-04-10 17:41:43 -04:00
Joey Hess
e1d456a86f
Fix missing import of escapeHTML in userlink. (Scott Bronson)
2008-04-10 17:39:51 -04:00
Joey Hess
15237c74fc
response
2008-04-10 17:31:39 -04:00
Joey Hess
a91f044044
add news item for ikiwiki 2.42
2008-04-10 17:24:24 -04:00
Joey Hess
7f51c69491
releasing version 2.42
2008-04-10 17:24:08 -04:00
Joey Hess
d5c964508f
Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info
2008-04-10 17:12:55 -04:00
Joey Hess
ab0e0e807a
perl dumping core is not an ikiwiki bug, sorry
2008-04-10 17:09:58 -04:00
Joey Hess
555f1d0512
web commit by http://joey.kitenet.net/ : test
2008-04-10 16:46:23 -04:00
Joey Hess
243739e1c3
Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info
2008-04-10 16:35:50 -04:00
Joey Hess
72b5ef2c5f
Fix CSRF attacks against the preferences and edit forms. Closes : #475445
...
The fix involved embedding the session id in the forms, and not allowing the
forms to be submitted if the embedded id does not match the session id.
In the case of the preferences form, if the session id is not embedded,
then the CGI parameters are cleared. This avoids a secondary attack where the
link to the preferences form prefills password or other fields, and
the user hits "submit" without noticing these prefilled values.
In the case of the editpage form, the anonok plugin can allow anyone to edit,
and so I chose not to guard against CSRF attacks against users who are not
logged in. Otherwise, it also embeds the session id and checks it.
For page editing, I assume that the user will notice if content or commit
message is changed because of CGI parameters, and won't blindly hit save page.
So I didn't block those CGI parameters. (It's even possible to use those CGI
parameters, for good, not for evil, I guess..)
The only other CSRF attack I can think of in ikiwiki involves the poll plugin.
It's certainly possible to set up a link that causes the user to unknowingly
vote in a poll. However, the poll plugin is not intended to be used for things
that people would want to attack, since anyone can after all edit the poll page
and fill in any values they like. So this "attack" is ignorable.
2008-04-10 16:35:30 -04:00
Joey Hess
609e74bbd8
fix what I think is a typo
2008-04-10 16:08:59 -04:00
Joey Hess
c69c811d64
web commit by http://joey.kitenet.net/ : oops :-)
2008-04-10 14:45:00 -04:00
Joey Hess
ff363cf9a0
web commit by http://joey.kitenet.net/
2008-04-10 14:43:58 -04:00
Joey Hess
5647448501
web commit by ScottSwalwell: Fixed my fix.
2008-04-10 13:01:27 -04:00
Joey Hess
7921d9456c
web commit by ScottSwalwell: Fixed this link.
2008-04-10 13:00:36 -04:00
Joey Hess
04528ba259
web commit by cjb: Fixed URL
2008-04-10 01:06:21 -04:00
Joey Hess
e8728aa894
web commit by cjb: Tagged
2008-04-10 00:09:07 -04:00
Joey Hess
675236d251
web commit by cjb: Suggested patch for 302 redirect after page creation when using bzr
2008-04-10 00:07:59 -04:00
Joey Hess
914a5645a5
web commit by http://sabr.myopenid.com/
2008-04-09 22:34:44 -04:00
Joey Hess
61012a1e8d
web commit by http://sabr.myopenid.com/
2008-04-09 21:56:41 -04:00
Joey Hess
beea66a711
web commit by http://sabr.myopenid.com/
2008-04-09 21:55:32 -04:00
Joey Hess
50d653ad11
web commit by http://sabr.myopenid.com/
2008-04-09 21:33:30 -04:00
Joey Hess
eb42df0767
web commit by http://sabr.myopenid.com/
2008-04-09 19:34:08 -04:00
Joey Hess
cf7fb618f3
web commit by http://sabr.myopenid.com/
2008-04-09 17:45:06 -04:00
Joey Hess
18de75c462
web commit by http://sabr.myopenid.com/
2008-04-09 17:39:22 -04:00