Commit Graph

69 Commits (73d5d40bf8950d3f2423a6887ad37ba076cd2473)

Author SHA1 Message Date
Joey Hess 0737121a73 add CVE ids 2008-02-20 16:48:38 -05:00
Joey Hess 0e445d62d2 some updates about the recent hole 2008-02-10 19:00:26 -05:00
Joey Hess 71ccaf0751 a few thoughts on data: security 2008-02-10 15:55:42 -05:00
Joey Hess 4e791ed695 document security fix
The backported fix for stable is tagged and waiting for the security team
to upload.
2008-02-10 14:00:00 -05:00
Joey Hess 8937e5e285 typo 2007-12-22 01:36:55 -05:00
Joey Hess ce70d375a4 more 2007-11-27 12:50:42 -05:00
Joey Hess cfdba3c708 remove svn-isms 2007-11-27 12:49:41 -05:00
Joey Hess cb777df041 add some documentation about how to safely allow multiple committers to an
ikiwiki git repository
2007-11-27 12:41:18 -05:00
Joey Hess e15e3202eb releasing version 2.14 2007-11-26 15:30:44 -05:00
joey c8b4ba354f * Fix a security hole that allowed insertion of unsafe content via the meta
plugin's support for inserting html link and meta tags. Now such content
  is passed through the htmlscrubber like everything else.
* Unfortunately, that means that some valid uses of those tags are no longer
  usable, and special case methods needed to be added for including
  stylesheets, and for doing openid delegation. If you use either of these
  in your wiki, it will need to be modified. See the meta plugin docs
  for details.
2007-03-21 18:52:56 +00:00
joey 1c65ca4922 * Fix a few bugs around page titles containing html. The worst of these
is an actual security hole as it allows insertion of html into the title
  element of a page, which is not processed by the htmlscrubber.
2007-03-21 06:05:21 +00:00
joey 40f318f3e9 document recent security hole 2007-02-14 01:31:31 +00:00
joey c54f2e20ac web commit by JeremyReed: typo fix 2006-12-27 03:43:56 +00:00
joey 9d63be9af9 web commit by http://id.kurokatta.org/david: Copyedit. 2006-11-21 12:43:22 +00:00
joey c49af80ab3 some notes about the security (or lack thereof) of plugins 2006-10-22 21:12:21 +00:00
joey e16746a52f * Add toc (table of contents) plugin. 2006-08-28 07:40:20 +00:00
joey 4a4c0b6268 update 2006-08-28 04:35:49 +00:00
joey 4ad7c9d625 * Patch from James Westby to add a --sslcookie switch, which forces
cookies to only be sent over ssl connections to avoid interception.
* Factor out the cgi header printing code into a new function.
* Fix preferences page on anonok wikis; still need to sign in to get
  to the preferences page.
2006-08-27 20:25:05 +00:00
joey 9d7375c3b2 * Allow preprocessor directives to contain python-like triple-quoted
text blocks, for easy nesting of quotes inside.
* Add a template plugin.
* Use the template plugin to add infoboxes to each plugin page listing basic
  info about the plugin.
2006-08-23 05:41:07 +00:00
joey 4d6f5e5a14 update 2006-08-18 06:22:38 +00:00
joey 2ea8fbe2d9 misc changes 2006-08-05 21:15:50 +00:00
joey 2c0b310cc2 releasing version 1.13 2006-08-02 01:31:39 +00:00
joey 8a5f9f6e00 security note 2006-07-30 06:08:56 +00:00
www-data dc35513522 web commit by ThomasSchwinge: Typo fixes. 2006-07-02 16:50:13 +00:00
www-data 995dfd6cf4 web commit by joey 2006-07-02 02:22:22 +00:00
joey 0bb605baf8 * Parse svn log as xml for improved utf8 and security. Note that this makes
ikiwiki depend on XML::Simple. Patch by Faidon Liambotis.
2006-07-02 02:18:31 +00:00
joey 140658bc51 * More security review. 2006-06-01 20:44:12 +00:00
joey 477c11ad4d typo 2006-05-26 16:23:48 +00:00
joey 6652de5e1a * Removed --sanitize and --no-sanitize, replaced with --plugin htmlscrubber
and --disable-plugin htmlscrubber.
2006-05-05 05:41:11 +00:00
joey 54d5308cd8 * Added plugin system, currently only supporting for PreProcessorDirectives.
* Added a pagecount plugin, enabled by default.
* Support PreProcessorDirectives with no parameters, ie "[[pagecount ]]".
* Fixed/optimised backlinks code, to avoid rebuilding pages to update
  backlinks when the backlinks hadn't really changed.
* Moved inline page support, rss generation etc into the inline plugin,
  enabled by default.
* Added brokenlinks plugin, not enabled by default, but rather handy.
* Fix several broken links in the doc wiki.
2006-05-02 02:34:33 +00:00
www-data 788eebfc18 web commit by joey 2006-04-25 06:04:54 +00:00
www-data 699024fa15 web commit by joey 2006-04-25 06:04:20 +00:00
joey 2c64a9f6f1 security update 2006-04-25 06:02:38 +00:00
www-data 1a382e051f web commit by joey 2006-04-25 03:33:26 +00:00
www-data 903db5e5d5 web commit by joey 2006-04-25 03:33:17 +00:00
www-data dc558930f2 web commit by joey 2006-04-25 03:30:19 +00:00
joey d7aecf6ddc implemented html sanitisation 2006-04-25 03:18:21 +00:00
www-data ec9e013f3c web commit by joey 2006-04-25 00:39:19 +00:00
joey 698aeb2016 update 2006-04-24 23:05:17 +00:00
joey 1c8b757580 update 2006-04-24 23:03:40 +00:00
joey efe91335c6 improve fix for symlink attacks to check subdirectories for symlinks too
before writing
2006-03-29 18:50:36 +00:00
joey 975ae0944c Implemented --underlaydir, and moved files provided by underlay out of doc
so I don't need to maintain two copies anymore.

You might also want to remove the files provided in the basewiki underlay
from your wiki, if you have not created custom local versions of them, so
that these pages will be automatically updated in future ikiwiki upgrades.
2006-03-29 18:21:01 +00:00
joey 9092356173 added --getctime 2006-03-26 02:30:44 +00:00
joey 62f1f9732b found & fixed another symlink attack 2006-03-23 04:33:35 +00:00
joey 325d5c791f added adminuser settings, globlist support, and used this to implement page
locking
2006-03-23 01:40:46 +00:00
www-data ae0475367c web commit by joey 2006-03-19 22:01:43 +00:00
www-data cc5248c5f6 web commit by joey 2006-03-19 22:00:58 +00:00
www-data 1d8e719e6a web commit by joey 2006-03-19 22:00:23 +00:00
www-data 93f8af972b web commit by joey 2006-03-19 20:49:26 +00:00
www-data c0a2814124 web commit by joey 2006-03-16 21:09:41 +00:00