Commit Graph

1514 Commits (81165dd2e079fac822eaefacafaaa612524b3aa6)

Author SHA1 Message Date
Simon McVittie 286dbb0541 comments: use CGI module's checksessionexpiry 2008-12-11 21:14:03 +00:00
Simon McVittie 9a6005a212 editpage: factor out checksessionexpiry into IkiWiki::CGI 2008-12-11 21:14:03 +00:00
Simon McVittie cb5aaa3cee htmlbalance: don't compact whitespace, and set misc other options
Not compacting whitespace is the most important one: now that we run
sanitize hooks on individual posted comments in the comments plugin,
whitespace that is significant to Markdown (but not HTML) is lost.
2008-12-11 21:14:03 +00:00
Simon McVittie 249ea2ed75 comments: remove allowhtml option, just switch it on all the time
Now that posts are individually sanitized, that should be safe.
2008-12-11 21:14:03 +00:00
Simon McVittie 4663f364bb comments: load inline and mdwn lazily 2008-12-11 21:14:03 +00:00
Simon McVittie 9d92fd5eb0 comments: don't rely on mdwn getting loaded first 2008-12-11 21:14:03 +00:00
Simon McVittie ebe140201e comments: sanitize the body of each comment before posting it
This should ensure that users can't "break out" from the enclosing
<div>, making it impossible to forge comments (assuming htmlscrubber
is enabled, and so is either htmlbalance or htmltidy).
2008-12-11 21:14:03 +00:00
Simon McVittie 57e40b9ce5 Fix typo that led to comments being blanked 2008-12-11 21:14:02 +00:00
Simon McVittie 3d4aa065d6 postcomment: Rename plugin to comments, use *._comment files
The PageSpec is still called "postcomment" since that's what it means.
2008-12-11 21:14:02 +00:00
Simon McVittie 3c9ccb406b Rename smcvpostcomment plugin to postcomment to propose for inclusion 2008-12-11 21:14:02 +00:00
Simon McVittie b7db3444a5 smcvpostcomment: allow commenting to be closed 2008-12-11 21:14:02 +00:00
Simon McVittie f49603bf86 smcvpostcomment: import other plugins lazily and remove unnecessary use of CGI 2008-12-11 21:14:02 +00:00
Simon McVittie 442e4e7e12 smcvpostcomment: allow inlining to be disabled, and pass through atom etc. better 2008-12-11 21:14:02 +00:00
Simon McVittie bb4eb07bdd smcvpostcomment: make allowhtml etc. configurable, and don't allow commenting on pages where comments have never been allowed 2008-12-11 21:14:02 +00:00
Simon McVittie d18adfb1ad smcvpostcomment: indicate in form whether HTML and directives are allowed 2008-12-11 21:14:02 +00:00
Simon McVittie 1bd1b03766 smcvpostcomment: remove HTML if not allowed 2008-12-11 21:14:02 +00:00
Simon McVittie 660a4ef151 smcvpostcomment: always allow wikilinks, and do access control
wikilinks are harmless, so we might as well allow them.

Access control for this plugin is a bit odd, since we specifically
don't want to allow comments to be edited - so the check is whether the
user is allowed to edit a deliberately invalid page name,
page/commented/on[smcvpostcomment]. You can put smcvpostcomment(*)
or smcvpostcomment(some/subdir/*) in $config{anonok_pagespec}
or the opposite in $config{locked_pages} to allow "editing" (really
just posting) comments.
2008-12-11 21:14:02 +00:00
Simon McVittie 798dea2033 smcvpostcomment: reduce length of subject field 2008-12-11 21:14:02 +00:00
Simon McVittie 29862a8cc8 smcvpostcomment: explain what $fake is for 2008-12-11 21:14:01 +00:00
Simon McVittie 42b15f7633 smcvpostcomment: avoid warnings if form field 'body' is undef 2008-12-11 21:14:01 +00:00
Simon McVittie e65c7b73af smcvpostcomment: load inline plugin more forcibly 2008-12-11 21:14:01 +00:00
Simon McVittie 49835784d8 smcvpostcomment: use better names for special comment files 2008-12-11 21:14:01 +00:00
Simon McVittie bd8c4674a8 smcvpostcomment: use gettext where appropriate 2008-12-11 21:14:01 +00:00
Simon McVittie f77f7a02a6 Add initial version of a postcomment plugin (temporarily namespaced as smcvpostcomment) 2008-12-11 21:14:01 +00:00
Joey Hess b67632cdcd inline: Support feedfile option to change the filename of the feed generated. 2008-12-11 15:01:26 -05:00
Joey Hess 63eb9d834e inline: Support emptyfeeds=no option to skip generating empty feeds. 2008-12-11 14:04:38 -05:00
Joey Hess 38f5e3ba69 move feedpages application up
I wanted this nearer to the top, but decided to put it after the
add_depends. Reasoning: It's possible with a combinaton of feedpages and
show options to make @list and @feedlist contain completly differing sets
of pages. We want to add_depends all pages in both sets. We could combine
the two lists and add_depends that, but it's slightly more efficient to
defer reducing @feedlist, and add_depends whichever list is longer.
2008-12-11 13:58:40 -05:00
Joey Hess a990afd2f7 avoid uninitialized value warning 2008-11-18 13:46:03 -05:00
Joey Hess e307eeda3d html escaping complication
Can't escape things to entities if the template then escapes the entities.
(aggregate doesn't have this problem.)
2008-11-18 02:48:24 -05:00
Joey Hess 15269fed64 improve escaping of wikilinks and preprocessor directives
The old method failed for '[' x 3.
2008-11-18 02:43:17 -05:00
Joey Hess 75f262f44d call decode_utf8 inside eval
holger reported that decode_utf8 was crashing with perl 5.8.8. Earlier, I
thought that passing 0 to the function avoided this with old perls, but
that was apparently not enough, it still crashes. So, put it inside the
eval, so we can at least recover from it crashing.
2008-11-17 15:56:15 -05:00
Joey Hess 181bdbe1a9 use HTML::Entities 2008-11-17 14:27:11 -05:00
Joey Hess e8a945845b use perl modules up front
The old code actually did the same thing, just obfuscated -- since the eval
use wasn't quoted, it used the modules on load. Thus, the error (not to
mentioned the return) was bypassed, and it just failed on load.

But that seems like the right thing to do, really, so just made it clearer
that's what happens.
2008-11-17 14:19:15 -05:00
Simon McVittie e7a840ed9a htmlbalance: new plugin that balances tags by parsing and re-serializing 2008-11-17 10:46:21 +00:00
Joey Hess ecd4f0ee55 make unlockwiki drop the cgilock
This is necessary so that things that fork to the background,
like pinger, and inline ping, don't block other cgis from running.

Note that websetup also calls unlockwiki, before refreshing / rebuilding
the wiki. It makes perfect sense for that not to block other cgis.
2008-11-11 20:48:02 -05:00
Joey Hess eef8b966b3 O_CREATE needs mode 2008-11-11 15:53:55 -05:00
Joey Hess 9a48669f1e avoid multiple ikiwiki cgi processes piling up, eating all memory, and thrashing
Fixed by making the cgi wrapper wait on a cgilock.
If you had to set apache's MaxClients low to avoid ikiwiki thrashing
your server, you can now turn it up to a high value.

The downside to this is that a cgi call that doesn't need to call lockwiki
will be serialised by this so only one can run at a time. (For example,
do=search.) There are few such calls, and all of them call loadindex,
so each still eats gobs of memory, so serialising them still seems ok.
2008-11-11 15:40:04 -05:00
Joey Hess 6611f3a2d9 bzr: Fix dates for recentchanges. 2008-11-11 13:44:47 -05:00
Joey Hess 53752bcb5d remove redundant link munge
This is not needed now that tagpage returns a page name starting with a
slash.

(Also fixes a minor bug that the edit links started with double slashes due
to the hack.)
2008-11-10 21:47:29 -05:00
Joey Hess f8a09ba105 tag: Normalize tagbase so leading/trailing slashes in it don't break things. 2008-11-10 19:48:58 -05:00
Joey Hess f0e58faefa Add rel=nofollow to recentchanges_links for the same (weak) reasons it was earlier added to edit links. 2008-11-10 18:05:30 -05:00
Joey Hess 11d377af81 txt: Do not encode quotes when filtering the txt, as that broke later parsing of any directives on the page. 2008-11-06 20:49:18 -05:00
Joey Hess db5ea4d4f0 meta: Plugin is now enabled by default since the basewiki uses it. 2008-11-06 16:08:11 -05:00
Joey Hess ecf2399f4f aggregate: Try to query XML::Feed for the base url when derelevatising links. Since this needs the just released XML::Feed 0.3, as well as a not yet released XML::RSS, it will fall back to the old method if no xml:base info is available. 2008-11-06 16:05:10 -05:00
Joey Hess 42b4abee1d use error for two messages 2008-11-05 01:38:36 -05:00
Joey Hess d71caffb7b preprocess text before htmlizing it 2008-11-02 12:21:15 -05:00
Joey Hess bb841f94f4 format: New plugin, allows embedding differntly formatted text inside a page (ie, otl inside a mdwn page, or syntax highlighted code inside a page). 2008-10-31 16:42:20 -04:00
Joey Hess ae0a9d50be set ctime in --render mode if not known
Avoids some uninitialised value warnings.
2008-10-30 14:50:33 -04:00
Joey Hess 354d22e27b don't rely on plugin load order when determining generated directives
Instead, shortcuts will explicitly be marked as such when registered, and
listdirectives can filter them out.
2008-10-30 13:41:19 -04:00
Joey Hess 33a0e84ddb fix preview of shortcuts
Move shortcut processing back to checkconfig, and avoid it failing if the
srcdir is not defined.
2008-10-29 14:20:31 -04:00
Joey Hess 5b7677faba fix display of error msg 2008-10-29 13:38:26 -04:00
Joey Hess 8530e827b0 git: Allow [[sha1_commit]] to be used in the diffurl, to support cgit. 2008-10-27 14:45:54 -04:00
Joey Hess d3d3999410 do no-op post_commit test in wrapper
This speeds up web commits by 1/4th of a second or so, since perl does
not have to start up for the post commit hook.

perl's locking is completly FuBar, since it's impossible to tell what perl
flock() really does, and thus difficult to write code in other languages
that interoperates with perl's locking. (Let alone interoperating with
existing fcntl locking from perl...)

In this particular case, I think I was able to find a way to avoid the
insanity, mostly. The C code does a true flock(2), and if perl is using an
incompatable lock method that does not use the same locking primative at
the kernel level, then the C code's test will fail, and it will go ahead
and run the perl code. Then the perl code's test will test the right thing.

On Debian, at least lately, perl's flock() does a true flock(2), so the
optimisation does work.
2008-10-26 15:13:04 -04:00
Joey Hess 7ddea03684 move untrusted committer test into the wrapper
This saves around 1/4th second per trusted commit since ikiwiki
doesn't need to start up.
2008-10-26 14:03:18 -04:00
Joey Hess 4a7ac5c251 remember how to write C code
been a while!
2008-10-24 15:49:55 -04:00
Joey Hess 146192d5b0 the pre-receive wrapper needs to be suid after all
It needs to write to the user db.
2008-10-24 15:47:42 -04:00
Joey Hess 761dee41b1 export CALLER_UID 2008-10-24 15:46:29 -04:00
Joey Hess 739e2ca0b4 can't lock wiki due to permissions (probably)
luckily, don't really need to here
2008-10-24 15:02:54 -04:00
Joey Hess 1a883b3c50 include temp file for attachment change too 2008-10-24 13:44:03 -04:00
Joey Hess 0196e1f9fc updates 2008-10-24 13:29:41 -04:00
Joey Hess fbcb8553df really fix calls to check_can* 2008-10-24 13:29:30 -04:00
Joey Hess 85f4b99710 untrusted committers code seems to be fully working
Still need to investigate possible races, and test some more.
2008-10-23 18:05:57 -04:00
Joey Hess f349e4ef36 fix calls to check_*
These throw errors, do not have useful return codes.
2008-10-23 18:05:12 -04:00
Joey Hess ad9e443f22 check_canattach hooked up 2008-10-23 16:56:40 -04:00
Joey Hess 4669eab596 more work on untrusted committers
Wired up check_canedit and check_canremove, still need to deal with
check_canattach, and test.
2008-10-23 16:29:50 -04:00
Joey Hess 094af3d113 initial support for git repos with untrusted committers
Still need to wire up the calls to check_* , but it's cold out here and my
hands are going numb, so enough for now.
2008-10-22 20:52:34 -04:00
Joey Hess e75818572f function injection overhaul
Add an inject function, that can be used by plugins that want to replace
one of ikiwiki's functions with their own version. (This is a scary thing
that grubs through the symbol table, and replaces all exported occurances
of a function with the injected version.)

external: RPC functions can be injected to replace exported functions.

Removed the stupid displaytime hook, and use injection instead.
2008-10-21 17:57:19 -04:00
Joey Hess 327adadf04 disable warnings when redefining functions 2008-10-21 17:03:08 -04:00
Joey Hess ee1ccfa863 use relativedate as the css class for dates that should display relative 2008-10-20 19:22:22 -04:00
Joey Hess a2839de936 tag: When tagpage is set, force the links created by tagging to point at the toplevel tagpage, and not closer subpages.
The html links already went there, but internally the links were not
recorded as absolute, which could cause confusing backlinks etc.

For example, with tagbase=tags, if blog/tags/bar existed and blog/foo was
tagged bar, it would link to /tags/bar. But, the link would be recorded
simply as a link to tags/bar, and so later blog/tags/bar would appear to
have the backlink.
2008-10-20 18:17:03 -04:00
Joey Hess 5e52bfb2e7 inline: Only the last feed link was put on the page, fix this to include all feed links. So rss will be included along with atom, and pages with multiple feeds will get links added for all feeds. 2008-10-20 15:25:45 -04:00
Joey Hess 423fae6f18 Use the pure perl Data::Dumper when generating setup files to ensure that utf-8 characters are written out as such, and not as the encoded perl strings the C Data::Dumper produces.
Note that the text produced by the C version was interpreted fine
when ikiwiki loaded the setup file. But it was not user-friendly.
2008-10-19 21:23:48 -04:00
Joey Hess 3e992b758b Fix issue with utf-8 in wikiname breaking session cookies, by entity-encoding the wikiname in the session cookie. 2008-10-19 21:07:12 -04:00
Joey Hess fd9393ef85 add displaytime hook
Need to use a hook because an exported function cannot be reliably
overridden. The replacement verstion was actually only affecting plugins
loaded after it.

formattime doesn't need a hook, since there's no reason to export it.
2008-10-19 20:12:37 -04:00
Joey Hess db146d9f1e need to use localtime, fix width 2008-10-19 19:39:32 -04:00
Joey Hess 2b569f99d9 fix relativedate timezone inclusion
The machine parseable date needs to include a timezone.

Also, simplified the interface for date display.
2008-10-19 19:21:44 -04:00
Joey Hess 2321906cd7 mark up date so relativedate will work 2008-10-19 15:17:00 -04:00
Joey Hess cb9a695443 fix url 2008-10-17 22:04:43 -04:00
Joey Hess 35c56622ea tweak recentchanges permalink code
Need to handle the case where url is not set.
2008-10-17 21:54:42 -04:00
Joey Hess fdb5da46b0 Patch for anchor-based change permalinks in recent changes feed
from JasonBlevins
2008-10-17 21:49:55 -04:00
Joey Hess 745dc1c62f add missing getsetup hook 2008-10-17 21:29:05 -04:00
Joey Hess 02ec92c6cb make relativedate work for the dates on the recentchanges page
Having a always current relative date on recentchanges is very, very nice.
2008-10-17 21:21:07 -04:00
Joey Hess 7390a7a072 relativedate: New javascript-alicious plugin that makes all dates display relative, in a very nice way, if I say so myself. 2008-10-17 20:47:32 -04:00
Joey Hess 79b376f991 Add an underlay for javascript, and add ikiwiki.js containing some utility code.
* Add an underlay for javascript, and add ikiwiki.js containing some utility
  code.
* toggle: Stop embedding the full toggle code on each page using it, and
  move it to toggle.js in the javascript underlay.
2008-10-17 20:28:18 -04:00
Joey Hess f36080ae02 aggregate: Avoid bug that caused immediate expiration of items with a date in the future. 2008-10-16 18:20:16 -04:00
Joey Hess b8f4b9c799 inline: Use the feed's description in the rss and atom links. Closes: #502113 2008-10-15 14:45:28 -04:00
Joey Hess 02e39bf704 fix prototype 2008-10-14 15:47:19 -04:00
Joey Hess c39112e6ef inline: Allow MTIME to be used in inlinepage.tmpl. 2008-10-14 15:00:46 -04:00
Joey Hess 3b27af4a29 Pass HTTPS variable through the wrapper so that CGI->https can be used by plugins. Closes: #502047 2008-10-13 12:32:16 -04:00
Joey Hess 643c0f1afc optimise url parsing and add guard against failure to parse 2008-10-10 17:09:33 -04:00
Peter Simons f9957d11ed google plugin: Use google.com to search the local site.
Google allows has a nice feature, sitesearch, that allows anyone to
limit search results to a specific site. Obviously, this feature can be
used to provide a search engine for the local ikiwiki site without the
need to install any additional software. Just enable the 'google' plugin
and make sure that --url uses the proper hostname. Thanks to Joey for
helping to get the Perl implementation right.
2008-10-10 17:05:02 -04:00
Joey Hess a473cb2f74 orphans: Fix unquoted page name in regexp. 2008-10-09 19:09:16 -04:00
Joey Hess d3ca495e61 lockedit: Support specifying which users (and IP addresses) a page is locked for. This supports most of the ACL type things users have been wanting to be done. Closes: #443346 (It does not control who can read a page, but that's out of scope for ikiwiki.) 2008-10-08 17:47:38 -04:00
Joey Hess 1e17ea0b65 avoid $_ in a few other for loops
These were probably not currently buggy, but let's avoid bugs being
introduced by the functions called clobbering $_.
2008-10-06 16:19:54 -04:00
Joey Hess fea76a11bc remove: Avoid $_ breakage. (Stupid, stupid perl.)
This avoids another one of those $_ scoping issues where a deep call to a
function that changes $_ clobbers the array that is being looped over.
2008-10-06 16:10:47 -04:00
Joey Hess 3b47dae9ca remove, rename: Allow acting on attachments as a page is being created. 2008-10-02 12:53:53 -04:00
Joey Hess c945952381 attachment: Support adding attachments to pages even as they are being created. 2008-10-02 12:48:06 -04:00
Joey Hess e0fd02acf1 don't special case preview
Whenever the edit form is submitted, but not saved, the page location
select should reduce to the currently selected value. This was only done
when previewing before, but is also needed in order to support the case of
adding an attachment to a page that is just being created.

Before this change, the attachment plugin would get a weird value in
$form->field("page"), that did not reflect the actual page location.
2008-10-02 12:42:46 -04:00
Joey Hess bf386e22f5 inline: Fix handling of rootpage that doesn't exist.
It makes sense to use bestlink to determine which page rootpage refers to,
but if no page matches, just use the raw value.
2008-10-01 17:29:03 -04:00
Joey Hess 826af4600a fix subpage rename bug with indexpages
If indexpages is enabled, then foo/index.mdwn will look like a subpage
of foo, so an additional check is needed to avoid trying to rename it
twice.
2008-10-01 14:43:28 -04:00