Commit Graph

90 Commits (7399f56607d789b2152b9461397b93b8db88ccff)

Author SHA1 Message Date
Joey Hess 1473bf84c5 update re template change 2010-04-23 17:38:37 -04:00
Simon McVittie 05b6e8ceee Despam, again. Someone ban adrianna please? 2010-04-02 18:28:34 +01:00
adrianna caa397b768 2010-04-02 12:24:14 +00:00
Joey Hess 2ad3e60ee8 htmlscrubber: Security fix: In data:image/* uris, only allow a few whitelisted image types. No svg. 2010-03-12 14:50:26 -05:00
Joey Hess 8aeac3b666 CVE 2009-08-30 17:48:14 -04:00
Joey Hess 7021fc3646 still mispelling josh's name.. 2009-08-30 15:32:42 -04:00
Joey Hess 41122048b9 teximg security problem 2009-08-30 15:20:32 -04:00
JoshTriplett 8202cfe19e Fix version. 2008-12-31 18:10:18 -05:00
Joey Hess 97cb036811 note fix versions 2008-11-12 17:35:21 -05:00
Joey Hess 716560b7f1 check for invalid utf-8, and toss it back to avoid crashes
Since ikiwiki uses open :utf8, perl assumes that files contain valid utf-8.
If it turns out to be malformed it may later crash while processing strings
read from them, with 'Malformed UTF-8 character (fatal)'.

As at least a quick fix, use utf8::valid as soon as data is read, and if
it's not valid, call encode_utf8 on the string, thus clearing the utf-8
flag. This may cause follow-on encoding problems, but will avoid this
crash, and the input file was broken anyway, so GIGO is a reasonable
response. (I looked at calling decode_utf8 after, but it seemed to cause
more trouble than it was worth. BTW, use open ':encoding(utf8)' avaoids
this problem, but the corrupted data later causes Storable to crash when
writing the index.)

This is a quick fix, clearly imperfect:
- It might be better to explicitly call decode_utf8 when reading files,
  rather than using the IO layer.
- Data read other than by readfile() can still sneak in bad utf-8. While
  ikiwiki does very little file input not using it, stdin for the CGI
  would be one way.
2008-11-12 17:30:54 -05:00
Joey Hess 4f06e7402a remove ikiwiki.setup
To generate your own, use ikiwiki -dumpsetup ikiwiki.setup

Update docs.
2008-07-26 22:55:39 -04:00
Simon McVittie 47d179802d Migrate everything else via prefix_directives
This is a partial commit of:
egrep -rl '\[\[[a-z]+ ' doc | xargs --max-args 1 ./ikiwiki-transition
prefix_directives
2008-07-21 12:32:31 +01:00
Joey Hess f8e33430d8 update 2008-07-02 16:47:29 -04:00
Joey Hess c1289de1ef cve id 2008-05-31 20:16:18 -04:00
Joey Hess d8ec77a3cd fix link 2008-05-30 18:27:37 -04:00
Joey Hess 2bf2af30ea more on the security hole 2008-05-30 18:26:04 -04:00
Joey Hess 4152dca09e documentation for use of hashed passwords
Everything but the actual coding to support them.
2008-05-29 15:17:19 -04:00
Joey Hess 3912a9f5e9 add CVE link 2008-04-20 15:25:51 -04:00
Joey Hess 7f51c69491 releasing version 2.42 2008-04-10 17:24:08 -04:00
Joey Hess 72b5ef2c5f Fix CSRF attacks against the preferences and edit forms. Closes: #475445
The fix involved embedding the session id in the forms, and not allowing the
forms to be submitted if the embedded id does not match the session id.

In the case of the preferences form, if the session id is not embedded,
then the CGI parameters are cleared. This avoids a secondary attack where the
link to the preferences form prefills password or other fields, and
the user hits "submit" without noticing these prefilled values.

In the case of the editpage form, the anonok plugin can allow anyone to edit,
and so I chose not to guard against CSRF attacks against users who are not
logged in. Otherwise, it also embeds the session id and checks it.

For page editing, I assume that the user will notice if content or commit
message is changed because of CGI parameters, and won't blndly hit save page.
So I didn't block those CGI paramters. (It's even possible to use those CGI
parameters, for good, not for evil, I guess..)

The only other CSRF attack I can think of in ikiwiki involves the poll plugin.
It's certianly possible to set up a link that causes the user to unknowingly
vote in a poll. However, the poll plugin is not intended to be used for things
that people would want to attack, since anyone can after all edit the poll page
and fill in any values they like. So this "attack" is ignorable.
2008-04-10 16:35:30 -04:00
Joey Hess 609e74bbd8 fix what I think is a typo 2008-04-10 16:08:59 -04:00
Joey Hess 0737121a73 add CVE ids 2008-02-20 16:48:38 -05:00
Joey Hess 0e445d62d2 some updates about the recent hole 2008-02-10 19:00:26 -05:00
Joey Hess 71ccaf0751 a few thoughts on data: security 2008-02-10 15:55:42 -05:00
Joey Hess 4e791ed695 document security fix
The backported fix for stable is tagged and waiting for the security team
to upload.
2008-02-10 14:00:00 -05:00
Joey Hess 8937e5e285 typo 2007-12-22 01:36:55 -05:00
Joey Hess ce70d375a4 more 2007-11-27 12:50:42 -05:00
Joey Hess cfdba3c708 remove svn-isms 2007-11-27 12:49:41 -05:00
Joey Hess cb777df041 add some documentation about how to safely allow multiple committers to an
ikiwiki git repository
2007-11-27 12:41:18 -05:00
Joey Hess e15e3202eb releasing version 2.14 2007-11-26 15:30:44 -05:00
joey c8b4ba354f * Fix a security hole that allowed insertion of unsafe content via the meta
plugins's support for inserting html link and meta tags. Now such content
  is passed through the htmlscrubber like everything else.
* Unfortunatly, that means that some valid uses of those tags are no longer
  usable, and special case methods needed to be added for including
  stylesheets, and for doing openid delegation. If you use either of these
  in your wiki, it will need to be modified. See the meta plugin docs
  for details.
2007-03-21 18:52:56 +00:00
joey 1c65ca4922 * Fix a few bugs around page titles containing html. The worst of these
is an actual security hole as it allows insertion of html into the title
  element of a page, which is not processed by the htmlscrubber.
2007-03-21 06:05:21 +00:00
joey 40f318f3e9 document recent security hole 2007-02-14 01:31:31 +00:00
joey c54f2e20ac web commit by JeremyReed: typo fix 2006-12-27 03:43:56 +00:00
joey 9d63be9af9 web commit by http://id.kurokatta.org/david: Copyedit. 2006-11-21 12:43:22 +00:00
joey c49af80ab3 some notes about the security (or lack thereof) of plugins 2006-10-22 21:12:21 +00:00
joey e16746a52f * Add toc (table of contents) plugin. 2006-08-28 07:40:20 +00:00
joey 4a4c0b6268 update 2006-08-28 04:35:49 +00:00
joey 4ad7c9d625 * Patch from James Westby to add a --sslcookie switch, which forces
cookies to only be sent over ssl connections to avoid interception.
* Factor out the cgi header printing code into a new function.
* Fix preferences page on anonok wikis; still need to sign in to get
  to the preferences page.
2006-08-27 20:25:05 +00:00
joey 9d7375c3b2 * Allow preprocessor directives to contain python-like triple-quoted
text blocks, for easy nesting of quotes inside.
* Add a template plugin.
* Use the template plugin to add infoboxes to each plugin page listing basic
  info about the plugin.
2006-08-23 05:41:07 +00:00
joey 4d6f5e5a14 update 2006-08-18 06:22:38 +00:00
joey 2ea8fbe2d9 misc changes 2006-08-05 21:15:50 +00:00
joey 2c0b310cc2 releasing version 1.13 2006-08-02 01:31:39 +00:00
joey 8a5f9f6e00 security note 2006-07-30 06:08:56 +00:00
www-data dc35513522 web commit by ThomasSchwinge: Typo fixes. 2006-07-02 16:50:13 +00:00
www-data 995dfd6cf4 web commit by joey 2006-07-02 02:22:22 +00:00
joey 0bb605baf8 * Parse svn log as xml for improved utf8 and security. Note that this makes
ikiwiki depend on XML::Simple. Patch by Faidon Liambotis.
2006-07-02 02:18:31 +00:00
joey 140658bc51 * More security review. 2006-06-01 20:44:12 +00:00
joey 477c11ad4d typo 2006-05-26 16:23:48 +00:00
joey 6652de5e1a * Removed --sanitize and --no-sanitize, replaced with --plugin htmlscrubber
and --disable-plugin htmlscrubber.
2006-05-05 05:41:11 +00:00