Commit Graph

112 Commits (75d14335932ccdcf4520e3bc2c22457bcacc8368)

Author SHA1 Message Date
joey 29e6ff03b0 * Fix a security hole that allowed a web user to edit images and other
non-page format files in the wiki. To exploit this, the file already had
  to exist in the wiki, and the web user would need to somehow use the web
  based editor to replace it with malicious content.
  (Sorry Josh, this means you can't edit style.css directly anymore,
  although I do appreciate your fixes, actually..)
2007-02-10 20:37:36 +00:00
joey 5f162cfd34 * Add canedit hook, allowing arbitrary controls over when a page can be
edited.
* Move code forcing signing before edit to a new "signinedit" plugin, and
  code checking for locked pages into a new "lockedit" plugin. Both are 
  enabled by default.
* Remove the anonok config setting. This is now implemented by a new
  "anonok" plugin. Anyone with a wiki allowing anonymous edits should
  change their configs to enable this new plugin.
* Add an opendiscussion plugin that allows anonymous users to edit
  discussion pages, on a wiki that is otherwise wouldn't allow it.
* Lots of CGI code reorg and cleanup.
2007-02-02 02:33:03 +00:00
joey 4ff60ef1c5 * Always call rcs_update after a commit during a web edit, to work around
the problem described in bugs/svn_fails_to_update. Thanks to Ethan for the
  analysis and patch.
2007-01-28 00:26:55 +00:00
joey c4b1712212 * Change the RecentChanges page to show the path of changed pages. 2007-01-14 04:30:53 +00:00
joey 7ceb5b1f75 Improve error message when postsignin (probably from openid) fails due to
cookies not being enabled. Adds a new translatable string..
2007-01-12 20:56:54 +00:00
joey 8c8ce06a1b * Search in default location for templates as a fallback when templatedir is
pointed elsewhere, so that only modified templates need to be copied into
  a templatedir. Based on work by JeremyReed.
2007-01-12 20:48:19 +00:00
joey 8daaa11baa added some comments for translators 2007-01-04 12:00:23 +00:00
joey e5348d2d70 * Corrected a bum regexp in openid munging. 2007-01-03 05:33:50 +00:00
joey 39d78ce54c deal with http:// part 2006-12-31 22:28:08 +00:00
joey c494e2f974 * Escape shashes in page titles entered in the blog post form.
* Munge openids of the form somehost.com/user (trial, may revert)
2006-12-31 20:50:22 +00:00
joey f62d23f008 * If a userdir is configured, links to pages in it can be made without
specifying the path. This allows for easy signing of comments by linking
  to your page in the userdir.
2006-12-29 05:33:20 +00:00
joey 912521ef07 * Initial work on internationalization of the program code. po/ikiwiki.pot
is available for translation.
* Export gettext() from IkiWiki module.
2006-12-29 04:38:40 +00:00
joey 472dabbb60 * Turn $config{wiki_file_prune_regexps} into an array that is easier to
manipulate.
* Only exclude rss and atom files from processing if the inline plugin
  is enabled and that feed type is enabled. Else it's just a copyable file
  type.
* Move rss and atom option handling code into the inline plugin.
* Applied a rather old patch from Recai to fix the "pruning is too strict"
  issue. Now you can have wiki source directories inside dotdirs and the
  like, if you want.
2006-12-21 19:36:15 +00:00
joey 389ad222ec * Add userdir config setting. 2006-12-19 16:58:55 +00:00
joey 8af8d085d6 * The hack used to make the pagetemplate hook have access to the editpage
template won't work with CGI::FormBuilder 3.0401, so disable it for now.
* CGI::FormBuilder 3.0401 seems to work ok now with ikiwiki, although
  there might still be bugs lurking..
2006-12-02 00:19:55 +00:00
joey d99ce1f9ad session improvements 2006-11-26 19:43:50 +00:00
joey 04a9dbfe7d updates 2006-11-22 14:28:38 +00:00
joey 95e8127405 improve 2006-11-21 17:56:04 +00:00
joey a8c5c8c0ba improve regexp 2006-11-21 03:52:20 +00:00
joey fc0b70e700 formatting 2006-11-21 01:40:47 +00:00
joey d4b4475521 improvement 2006-11-20 21:02:45 +00:00
joey 3e593eb9c0 * Add "last" parameter to hook function. Very basic ordering, and hopefully
nothing more spohisticated will be needed.
* Add formbuilder_setup and formbuilder hooks.
* Split out a passwordauth module, that holds all the traditional password
  based authentication etc code. It's enabled by default, but can be disabled
  if you want only openid or some other auth method.
2006-11-20 20:37:27 +00:00
joey d389b0e4a4 * Avoid locking the wiki at all when handling some basic cgi stuff
(searches, recentchanges).
2006-11-20 12:03:35 +00:00
joey 7cfdb888e5 increase field widths 2006-11-20 09:59:27 +00:00
joey e43cd269d2 * Add openidsignup config option.
* Make the openid plugin support the callbacks from myopenid.com via its 
  affiliate program.
* Change how post signin actions are propigated through the signin process;
  they're now stored in the session.
2006-11-20 09:40:09 +00:00
joey e7ee388ea1 minor improvements 2006-11-20 06:22:19 +00:00
joey 9f60b7f6cd explanation 2006-11-20 03:22:23 +00:00
joey 702b8721d3 * Add an openid plugin to support logging in using OpenID.
* Web commits by OpenID users will record the full OpenID url for the user,
  but in recentchanges, these urls will be converted to a simplified display
  form+link.
* Modified svn, git, tla backends to recognise such web commits.
2006-11-20 02:46:58 +00:00
joey 54cf5a62ca * Make auth methods pluggable.
* Move httpauth support to a plugin.
* Add an openid plugin to support logging in using OpenID.
2006-11-20 01:52:18 +00:00
joey 60aca5e0fe fixes 2006-11-10 07:51:14 +00:00
joey 96eb9bb3fa * Work around a strange bug in CGI::FormBuilder 3.0401 that makes
FORM-SUBMIT unusable on customised formbuilder templates. For now,
  hardcode the submit buttons in editpage.tmpl instead of using the
  template variable, which is ok, since the buttons are static.
2006-11-10 07:46:41 +00:00
joey 35ee7e44a6 * Make sure to check for errors from every eval. 2006-11-08 21:03:33 +00:00
joey cb3f89f429 * Enable utf8 file IO in aggregate plugin.
* Fix some issues with the new registration form.
2006-11-08 20:13:59 +00:00
joey c3a530ab93 * Improve login/register process, the login dialog has only name and
password fields, which allows more web browsers to regognise it as a login
  field, and is less confusing.
2006-10-30 23:28:01 +00:00
joey a1eaeffe5e delete session 2006-10-28 00:36:34 +00:00
joey b6509c74a9 * Add basic spam fighting tool for admins: An admin's prefs page now allows
editing a list of banned users who are not allowed to log in.
2006-10-28 00:35:33 +00:00
joey 3ef0a67811 * Patch from Recai to limit recentchanges to displaying max 10 files for a
given changeset (to avoid large number of file changes excessively
  bloating the page).
2006-10-14 03:12:30 +00:00
joey be55f6fd7c * Atom feed support based on a patch by Clint Adams.
* Add feeds=no option to inline preprocessor directive to turn off all types
  of feeds. feeds=rss will still work, and feeds=atom was also added, for
  fine control.
* $IkiWiki::version now holds the program version, and is accessible to
  plugins.
2006-10-08 23:57:37 +00:00
joey 67b513e8c4 * Patch from Alec Berryman adding a http_auth config item that allows
using HTTP Authentication instead of ikiwiki's built in authentication.
  Useful for eg, large sites with their own previously existing user auth
  setup. Closes: #384534
2006-10-02 22:56:09 +00:00
joey 26774c931c * Patch from James Westby to deal with the case where you're editing a
new page, hit cancel, and need to be redirected to somewhere sane.
2006-09-16 01:23:14 +00:00
joey 0f25ec8eb6 * pagetemplate hooks are now also called when generating cgi pages.
* Add a favicon plugin, which simply adds a link tag for an icon to each
  page (and cgis).
2006-09-16 00:52:26 +00:00
joey 1e7be2d3dd * Patch from Recai to kill utf-8 on the wiki name when generating the
session cookie.
2006-09-11 16:24:05 +00:00
joey dae0f48e91 * Work on firming up the plugin interface:
- Plugins should not need to load IkiWiki::Render to get commonly
    used functions, so moved some functions from there to IkiWiki.
  - Picked out the set of functions and variables that most plugins
    use, documented them, and made IkiWiki export them by default,
    like a proper perl module should.
  - Use the other functions at your own risk.
  - This is not quite complete, I still have to decide whether to
    export some other things.
* Changed all plugins included in ikiwiki to not use "IkiWiki::" when
  referring to stuff now exported by the IkiWiki module.
* Anyone with a third-party ikiwiki plugin is strongly enrouraged
  to make like changes to it and avoid use of non-exported symboles from
  "IkiWiki::".
* Link debian/changelog and debian/news to NEWS and CHANGELOG.
* Support hyperestradier version 1.4.2, which adds a new required phraseform
  setting.
2006-09-09 22:50:27 +00:00
joey f7d95297bb need to import escapeHTML 2006-09-06 20:03:59 +00:00
joey 1f26347379 escaping fix from Emanuele Aina 2006-09-06 20:02:12 +00:00
joey 92065444d9 * Simplify the data structure returned by rcs_recentchanges to avoid
each rcs plugin needing to form complex strings on its own.
2006-09-03 19:53:23 +00:00
joey 4895955cea * Change htmlize, format, and sanitize hooks to use named parameters. 2006-08-28 18:17:59 +00:00
joey 4ad7c9d625 * Patch from James Westby to add a --sslcookie switch, which forces
cookies to only be sent over ssl connections to avoid interception.
* Factor out the cgi header printing code into a new function.
* Fix preferences page on anonok wikis; still need to sign in to get
  to the preferences page.
2006-08-27 20:25:05 +00:00
joey d4ca3b3f50 * Change order of linkify and preprocess; first preprocess and then linkify.
This allows passing a wikilink inside a parameter to a preprocessor
  directive without it being expanded to html, and leaking out of the
  parameter, which had required some non-obvious use of triple-quoting
  to avoid. Note that any preprocessor plugins that output something
  that looks like a wikilink will now have it treated as such; AFAIK
  this doesn't change any behavior though except for the template plugin.
* Enable preprocessor directives when previewing an edit.
2006-08-23 20:23:57 +00:00
joey cf3021ef3f * Fixed a bug with previews of subpages having broken links to top-level
pages.
* Change how the stylesheet url is determined in the templates: Remove
  STYLEURL and add BASEURL to all templates (some already had it). This
  new more general variable can be used to link to other things (eg, images)
  from the template, as well as stylesheets.
2006-08-21 22:27:02 +00:00