Commit Graph

15729 Commits (846fb637af846e0754db9720c864e653621824a9)

Author SHA1 Message Date
Simon McVittie 21418d9a0a Announce 3.20190228 and 3.20170111.1 2019-02-28 14:15:39 +00:00
Simon McVittie 8d7a1e8d9c Add an anchor for /security/#cve-2019-9187 2019-02-28 14:11:20 +00:00
Simon McVittie 9a275b2f18 doc: Document security issues involving LWP::UserAgent
Recommend the LWPx::ParanoidAgent module where appropriate.
It is particularly important for openid, since unauthenticated users
can control which URLs that plugin will contact. Conversely, it is
non-critical for blogspam, since the URL to be contacted is under
the wiki administrator's control.

Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-26 22:21:31 +00:00
Simon McVittie 824cf7db1b po: Always filter .po files
The input to filter hooks is meant to be the content of a source file
on disk. If we only filter once per (page, destpage) pair, and a page
is inlined into the same destpage more than once, then the second
occurrence will render as the result of htmlizing .po source as if
it was Markdown (or whatever the type of the corresponding master page
is), which is never going to end well.

The alreadyfiltered mechanism was added in commit 1e874b3f to avoid
preprocessing loops, but I'm not sure where it could lead to a loop:
filter hooks are only called from IkiWiki::filter, which is only called
on page content from disk or on proposed content being previewed.
According to <https://bugs.debian.org/911356#41>, deleting the
alreadyfiltered mechanism resolves the problem, as well as simplifying
the code.

Closes: #911356
Tested-by: intrigeri
2019-02-24 17:23:34 +00:00
Amitai Schleier 9448685117 Recommend against cvsps3 (haven't tried it). 2019-02-13 23:59:32 -05:00
Simon McVittie c0cd1b3abe Announce v3.20190207
Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-07 11:32:21 +00:00
Simon McVittie 324ee23b9b review 2019-02-03 19:22:07 +00:00
Simon McVittie 79131ddb1a comment 2019-02-03 18:53:23 +00:00
smcv f976e37a79 tag as reviewed 2019-02-03 14:40:29 -04:00
smcv 5ffe09e616 respond 2019-02-03 14:39:51 -04:00
smcv d9a018160f Exclude reviewed patches from this list 2019-02-03 14:28:21 -04:00
Simon McVittie 53cbfb4b5a close 2019-02-03 17:10:45 +00:00
Simon McVittie aa063aeb33 Remove unreachable git repositories
Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-03 16:59:07 +00:00
Simon McVittie 1094c6ecbf Mark as applied
Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-03 16:55:14 +00:00
Antoine Beaupré b760b8f171 remove the "add comment" button from printed media 2019-02-03 16:55:14 +00:00
smcv fe4e7cd3f7 old regexp would have failed for old comment page names 2019-02-03 11:55:34 -04:00
Simon McVittie 4ba3c11592 git-cgi.t: Exercise an alphanumeric, but non-ASCII, root page
My previous attempt to reproduce this bug used a non-alphanumeric
ASCII character. This is not currently considered to be a valid
value for rootpage, although for a "do what I mean" approach, perhaps
we should accept it and pass it through titlepage() or linkpage().

Using Chinese characters (which are considered to match [[:alnum:]]
even though the Chinese script is not, strictly speaking, an alphabet),
as in the original bug report, reproduces the bug.

Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-03 13:27:00 +00:00
smcv cfac01cb41 link to recently-added tests 2019-01-31 16:41:17 -04:00
smcv dbf9a36297 I'm confused about what the bug is, and what's being fixed. Can you give a complete test or example? 2019-01-31 16:38:04 -04:00
Simon McVittie f3103c9d09 close bug 2019-01-31 20:37:07 +00:00
Simon McVittie 3c66dca6ea respond 2019-01-31 20:37:06 +00:00
Simon McVittie 0c2cea7dac Fix syntax and escaping 2019-01-31 20:37:06 +00:00
smcv 3e671d1afa Reset example
This reverts commit 0b53772b99
2019-01-31 15:32:03 -04:00
anarcat 409ba8f0f5 inline is another option of course 2019-01-30 12:33:15 -04:00
anarcat 568cc2f758 show tagging example 2019-01-30 12:32:47 -04:00
anarcat f353a12e39 link to the map plugin, which i find more useful to show tagged pages 2019-01-30 12:29:49 -04:00
dorondd@5f188d26a5727578cbe5901372cc69f1664a852b bbcccdd8f6 2019-01-23 00:53:59 -04:00
Joey Hess 94bfecfb7a
followup 2019-01-21 11:59:08 -04:00
Joey Hess beaebab04b
Merge branch 'master' of ssh://git.ikiwiki.info 2019-01-21 11:44:58 -04:00
Joey Hess 4cb6f48aff
bug report 2019-01-21 11:44:29 -04:00
ntntnt 0b53772b99 2019-01-21 00:34:51 -04:00
Jens 576f8219ec User link and description changed 2019-01-17 14:02:56 -04:00
https://sonata-green.dreamwidth.org/ 22f3ca1072 markdown backquotes 2018-12-24 12:15:32 -04:00
ALEXEIDZ 03b8d219fe 2018-12-16 16:21:52 -04:00
ALEXEIDZ e9bb20a5af 2018-12-16 16:20:16 -04:00
Joey Hess 319b96476b
followup 2018-12-12 10:43:52 -04:00
xuqi bf71bc8119 2018-12-10 05:44:33 -04:00
xuqi 8f6cc132a2 2018-12-10 05:43:58 -04:00
xuqi 53621a4e64 de-indenting 2018-12-10 05:27:58 -04:00
xuqi 86e0838dd4 example for inlining only one level of subpages 2018-12-10 05:27:16 -04:00
tumashu1 95b5ec74a9 fail to inject IkiWiki::showform 2018-12-08 04:08:38 -04:00
jmtd 5a61b2cc97 patch works for me 2018-12-07 06:11:12 -04:00
jmtd 0dbea17e59 ack 2018-12-07 06:05:34 -04:00
tumashu1 38f7131b08 rename and remove plug can not work well with gettext 2018-12-05 02:47:55 -04:00
tumashu1 847e1492ef 2018-12-01 21:42:06 -04:00
tumashu1 f1fdf5bbf8 Suggest let table plugin support a kind of longtable 2018-12-01 21:41:25 -04:00
tumashu1 c7285ec232 2018-12-01 20:56:04 -04:00
tumashu1 82fe20c7cb Add a patch deal with UTF-8 csv table's problem 2018-12-01 20:55:16 -04:00
tumashu1 e4f88dad8f Add a patch decode_utf8 inline's root page 2018-12-01 20:50:04 -04:00
smcv 4eb5f62bc6 add redirection 2018-12-01 17:29:56 -04:00