Commit Graph

20564 Commits (976d61f6af67eb8b733f8dc55a50b324768f0c23)

Author SHA1 Message Date
https://launchpad.net/~skellat 30341bfecc Open up the discussion 2019-06-02 00:56:41 -04:00
Amitai Schleier 4d06df9583 Catch up to highlight 3.51 API change.
As of 3.51, searchFile() is no longer provided in highlight's Perl
bindings (at least on NetBSD and OS X, as built from pkgsrc). This
leaves us falling through to getConfDir(), which has been gone
rather longer.

From highlight git, it appears searchFile() and getFiletypesConfPath()
both originated in the 3.14 release. The latter is still available in
3.51, and returns the same result searchFile() used to. Switch to it.
2019-05-26 23:45:19 -04:00
canvon f4213094b2 Add my ikiwiki/blog 2019-05-21 09:19:34 -04:00
jsewell@560d759be38e126eba7f1c40503adf786fa28229 d43358ac58 2019-05-10 13:26:11 -04:00
jsewell@560d759be38e126eba7f1c40503adf786fa28229 1b2a2a2b8e 2019-05-07 11:05:05 -04:00
Amitai Schleier 91f4849e65 Response to jsewell's bug report. 2019-05-06 07:43:17 -04:00
second-try-ikilogin@ac12e40a987a7e7baaf5623cd9a082f9925fb4a1 7ea3ba5b39 2019-05-05 21:48:31 -04:00
jsewell@560d759be38e126eba7f1c40503adf786fa28229 01563a8fe1 2019-04-29 10:19:12 -04:00
jmtd 6033b62dcc add gitbranch template, prompted by Integeri. Thanks 2019-04-24 15:19:32 -04:00
intrigeri 49d095f13f Fix syntax. 2019-04-10 17:02:16 -04:00
intrigeri 0f008fb0e6 Submit branch for review. 2019-04-10 17:01:07 -04:00
jmtd 9cfbbb3b33 update my comment to reflect new commits on that branch 2019-03-30 17:34:11 -04:00
jmtd b532bbc1c4 initial implementation (I was unable to use untrusted git push to add this comment) 2019-03-29 07:17:45 -04:00
mike@8d1a742254a41aaff8dd19404183dce96fac24ba 60466f11ee 2019-03-06 20:05:56 -04:00
krukova.ann@14e9655c363b07d848ae6d37ce799ad41f0c51fb a80d5248ea 2019-03-06 06:59:07 -04:00
krukova.ann@14e9655c363b07d848ae6d37ce799ad41f0c51fb 5a6ebfdb2d 2019-03-06 06:57:50 -04:00
Simon McVittie 846fb637af Merge remote-tracking branch 'origin/master' 2019-02-28 18:03:18 +00:00
Simon McVittie 21418d9a0a Announce 3.20190228 and 3.20170111.1 2019-02-28 14:15:39 +00:00
Simon McVittie 8d7a1e8d9c Add an anchor for /security/#cve-2019-9187 2019-02-28 14:11:20 +00:00
Simon McVittie 25c69da42c Prepare 3.20190228 for future release 2019-02-26 23:01:54 +00:00
Simon McVittie 9a275b2f18 doc: Document security issues involving LWP::UserAgent
Recommend the LWPx::ParanoidAgent module where appropriate.
It is particularly important for openid, since unauthenticated users
can control which URLs that plugin will contact. Conversely, it is
non-critical for blogspam, since the URL to be contacted is under
the wiki administrator's control.

Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-26 22:21:31 +00:00
Simon McVittie d283e4ca1a useragent: Automatically choose whether to use LWPx::ParanoidAgent
The simple implementation of this, which I'd prefer to use, would be:
if we can import LWPx::ParanoidAgent, use it; otherwise, use
LWP::UserAgent.

However, aggregate has historically worked with proxies, and
LWPx::ParanoidAgent quite reasonably refuses to work with proxies
(because it can't know whether those proxies are going to do the same
filtering that LWPx::ParanoidAgent would).

Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-26 22:21:27 +00:00
Simon McVittie 67543ce1d6 useragent: Don't allow non-HTTP protocols to be used
This prevents the aggregate plugin from being used to read the contents
of local files via file:/// URLs.

Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-26 21:44:07 +00:00
anarcat 812491d764 This reverts commit 727147aa6e 2019-02-26 01:35:32 -04:00
machine_brain 727147aa6e 2019-02-25 20:01:58 -04:00
Simon McVittie e7b0d4a0ff useragent: Raise an exception if the LWP module can't be loaded
Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-24 18:49:58 +00:00
Simon McVittie 824cf7db1b po: Always filter .po files
The input to filter hooks is meant to be the content of a source file
on disk. If we only filter once per (page, destpage) pair, and a page
is inlined into the same destpage more than once, then the second
occurrence will render as the result of htmlizing .po source as if
it was Markdown (or whatever the type of the corresponding master page
is), which is never going to end well.

The alreadyfiltered mechanism was added in commit 1e874b3f to avoid
preprocessing loops, but I'm not sure where it could lead to a loop:
filter hooks are only called from IkiWiki::filter, which is only called
on page content from disk or on proposed content being previewed.
According to <https://bugs.debian.org/911356#41>, deleting the
alreadyfiltered mechanism resolves the problem, as well as simplifying
the code.

Closes: #911356
Tested-by: intrigeri
2019-02-24 17:23:34 +00:00
Amitai Schleier 9448685117 Recommend against cvsps3 (haven't tried it). 2019-02-13 23:59:32 -05:00
Simon McVittie c0cd1b3abe Announce v3.20190207
Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-07 11:32:21 +00:00
Simon McVittie abaaee4af3 Prepare new release
Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-07 11:08:41 +00:00
Simon McVittie 324ee23b9b review 2019-02-03 19:22:07 +00:00
Simon McVittie 79131ddb1a comment 2019-02-03 18:53:23 +00:00
smcv f976e37a79 tag as reviewed 2019-02-03 14:40:29 -04:00
smcv 5ffe09e616 respond 2019-02-03 14:39:51 -04:00
smcv d9a018160f Exclude reviewed patches from this list 2019-02-03 14:28:21 -04:00
Simon McVittie 53cbfb4b5a close 2019-02-03 17:10:45 +00:00
Antoine Beaupré d16e34c736 append javascript after CSS
Javascript resources should be presented to browsers after CSS, and
"after the fold" (ATF) according to the best practices:

https://developers.google.com/speed/docs/insights/mobile#PutStylesBeforeScripts

This change allows the browser to download Javascript files in
parallel, by including Javascript on the *closing* </body> tag instead
of the opening tag.

We also improve the regex to tolerate spaces before the body tag, as
some templates have (proper) indentation for the tag.
2019-02-03 17:01:55 +00:00
Simon McVittie aa063aeb33 Remove unreachable git repositories
Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-03 16:59:07 +00:00
Simon McVittie 1094c6ecbf Mark as applied
Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-03 16:55:14 +00:00
Antoine Beaupré b760b8f171 remove the "add comment" button from printed media 2019-02-03 16:55:14 +00:00
Amitai Schleier d7777f12df Add a missing changelog entry. 2019-02-03 10:34:43 -06:00
Simon McVittie 58fed0178c Update changelog
Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-03 16:27:38 +00:00
Jelmer Vernooij a79bce4e66 Allow Breezy as alternative to Bazaar.
(cherry picked from commit a07f048d9fc99928ebbb74b34f5d1932ff3d7884)
2019-02-03 16:21:38 +00:00
Simon McVittie 278678b42f comments.t: Assert that comments get permalink metadata
Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-03 16:18:18 +00:00
Simon McVittie 4ac930380b comments.t: Exercise post-2009 comment naming
Since commit 6af6c89d, comments are in files whose names contain a hash.

Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-03 16:18:18 +00:00
smcv fe4e7cd3f7 old regexp would have failed for old comment page names 2019-02-03 11:55:34 -04:00
Simon McVittie 4ba3c11592 git-cgi.t: Exercise an alphanumeric, but non-ASCII, root page
My previous attempt to reproduce this bug used a non-alphanumeric
ASCII character. This is not currently considered to be a valid
value for rootpage, although for a "do what I mean" approach, perhaps
we should accept it and pass it through titlepage() or linkpage().

Using Chinese characters (which are considered to match [[:alnum:]]
even though the Chinese script is not, strictly speaking, an alphabet),
as in the original bug report, reproduces the bug.

Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-03 13:27:00 +00:00
Feng Shu e8dea1b924 Fix inline plugin for non-ASCII rootpage 2019-02-03 13:15:35 +00:00
Simon McVittie 67c7542672 t: Exercise Chinese and Cyrillic page titles
Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-03 13:07:01 +00:00
Simon McVittie 15ddbb1c70 trail: Allow unescaped punctuation in pagenames
By processing the pagenames through linkpage, we let users specify
page names that contain non-alphanumerics in a more natural way.

Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-03 12:52:42 +00:00