Commit Graph

2570 Commits (97c1ae2ef38f0602d879f4e391aad4f523e8c47a)

Author SHA1 Message Date
Joey Hess d5199424c5 avoid shelling 2010-06-18 12:50:31 -04:00
Joey Hess 2797a659db mercurial: Fix buggy getctime code.
The file passed to rcs_getctime is already absolute, and it was
trying to stick the srcdir on the front.

Also, eliminated potentially unsafe shelling.
2010-06-18 12:48:05 -04:00
Joey Hess cb4b999297 avoid dying if cannot chdir to an underlaydir 2010-06-17 16:54:03 -04:00
Joey Hess 184f68efa8 Merge branch 'themes' 2010-06-16 19:17:18 -04:00
Joey Hess eff5e233a2 force list context
run_or_die returns a status code in scalar context
2010-06-16 16:07:41 -04:00
Joey Hess 2f3f826b5b force rebuild for theme change
For now, a rebuild is the only way to ensure the changed theme is used.
Ikiwiki normally will not realize style.css has changed, since themes
tend to have the same timestamp for the file.
2010-06-16 15:44:21 -04:00
Joey Hess 062ed44f47 add theme plugin 2010-06-16 15:43:42 -04:00
Joey Hess a748f283ac Encode not used 2010-06-16 15:30:33 -04:00
Joey Hess 69c22fa1ea attachment: Support Windows paths when taking basename of client-supplied file name. 2010-06-16 13:23:32 -04:00
Joey Hess da2be6e85c git: Gix --gettime to properly support utf8 filenames.
In passing, fixed a bug where the srcdir was in a subdir of a repository
named "0".
2010-06-15 23:21:55 -04:00
Joey Hess 5f33532468 Make --gettime be honored after initial setup.
Bugfix in passing: New files not treated as such when no rcs is used.
2010-06-15 22:56:06 -04:00
Joey Hess a298959888 fix other cases of unicode mixing issue
and fix underlaydir override attack guard when srcdir is non-absolute
2010-06-15 17:41:26 -04:00
Joey Hess 86a43aefb4 Fix issues with combining unicode srcdirs and source files.
A short story:

  Once there was a unicode string, let's call him Srcdir.

  Along came a crufy old File::Find, who went through a tree and pasted each
  of the leaves in turn onto Srcdir. But this 90's relic didn't decode the
  leaves -- despite some of them using unicode! Poor Srcdir, with these
  leaves stuck on him, tainted them with his nice unicode-ness. They didn't
  look like leaves at all, but instead garbage.

(In other words, perl's unicode support sucks mightily, and drives
us all to drink and bad storytelling. But we knew that..)

So, srcdir is not normally flagged as unicode, because typically it's pure
ascii. And in that case, things work ok; File::Find finds filenames, which
are not yet decoded to unicode, and appends them to the srcdir, and then
decode_utf8 happily converts the whole thing.

But, if the srcdir does contain utf8 characters, that breaks. Or, if a Yaml
setup file is used, Yaml::Syck's implicitunicode sets the unicode flag of
*all* strings, even those containing only ascii. In either case, srcdir
has the unicode flag set; a non-decoded filename is appended, and the flag
remains set; and decode_utf8 sees the flag and does *nothing*. The result
is that the filename is not decoded, so looks valid and gets skipped.

File::Find only sticks the directory and filenames together in no_chdir
mode .. but we need that mode for security. In order to retain the
security, and avoid the problem, I made it not pass srcdir to File::Find.
Instead, chdir to the srcdir, and pass ".". Since "." is ascii, the problem
is avoided.

Note that chdir srcdir is safe because we check for symlinks in the srcdir
path.

Note that it takes care to chdir back to the starting location. Because
the user may have specified relative paths and so staying in the srcdir
might break. A relative path could even be specifed for an underlay dir, so
it chdirs back after each.
2010-06-15 17:13:46 -04:00
Joey Hess 69383fb6b0 Fix issues with combining unicode srcdirs and source files.
A short story:

  Once there was a unicode string, let's call him Srcdir.

  Along came a crufy old File::Find, who went through a tree and pasted each
  of the leaves in turn onto Srcdir. But this 90's relic didn't decode the
  leaves -- despite some of them using unicode! Poor Srcdir, with these
  leaves stuck on him, tainted them with his nice unicode-ness. They didn't
  look like leaves at all, but instead garbage.

In other words, perl's unicode support sucks mightily, and drives
us all to drink and bad storytelling. But we knew that..

So, srcdir is not normally flagged as unicode, because typically it's pure
ascii. And in that case, things work ok; File::Find finds filenames, which
are not yet decoded to unicode, and appends them to the srcdir, and then
decode_utf8 happily converts the whole thing.

But, if the srcdir does contain utf8 characters, that breaks. Or, if a Yaml
setup file is used, Yaml::Syck's implicitunicode sets the unicode flag of
*all* strings, even those containing only ascii. In either case, srcdir
has the unicode flag set; a non-decoded filename is appended, and
decode_utf8 sees the flag and does *nothing*. The result is that the
filename is not decoded, so looks valid and gets skipped.

File::Find only sticks the directory and filenames together in no_chdir
mode .. but we need that mode for security. In order to retain the
security, and avoid the problem, I made it not pass srcdir to File::Find.
Instead, chdir to the srcdir, and pass ".". Since "." is ascii, the problem
is avoided.

Note that it takes care to chdir back to the starting location. Because
the user may have specified relative paths and so staying in the srcdir
might break. A relative path could even be specifed for an underlay dir, so
it chdirs back after each.
2010-06-15 16:40:37 -04:00
Joey Hess d541cc854a calendar: Tune archive_pagespec to only match pages, not other files. 2010-06-15 13:38:19 -04:00
Joey Hess c0bc2d0839 editpage, comments: Fix broken links in sidebar (due to forcebaseurl). (Thanks, privat) 2010-06-14 14:34:52 -04:00
Joey Hess 9f7a118ffc more symetric enable/disable
Removing a plugin from add_plugins is not always enough to disable it.
It may have been redundantly added there and also pulled in via goodstuff.
Always add didabled plugins to disable_plugins.
2010-06-13 10:25:17 -04:00
Joey Hess 17592a951b websetup: Allow enabling plugins listed in disable_plugins.
The bug here was that disabling a plugin included thru goodstuff, like
htmlscrubber, caused it to be added to disable_plugins, and those plugins
were never loaded, so could not be re-enabled. Fix by allowing them to be
force loaded when appropriate. (Also that allows disabled plugins to still
record their setup options when dumping a setup file.)
2010-06-13 10:21:19 -04:00
Joey Hess c65658eeb5 attachment: When inserting links, insert img directives for images, if that plugin is enabled. 2010-06-12 23:00:30 -04:00
Joey Hess 35a0715b9a avoid ugly warning if size="" is specified 2010-06-12 22:59:46 -04:00
Joey Hess dccd764871 edittemplate: Look for template pages under templates/ like everything else (still looks in old location for backwards compatability). 2010-06-12 22:43:34 -04:00
Joey Hess c225cdad25 edittemplate: Make silent mode not disable display when the template page does not exist, so it can be easily created. 2010-06-12 22:20:22 -04:00
Joey Hess 31fa7714e7 editpage: Rename "comments" field to avoid CSS conflict with the comments div. 2010-06-12 18:10:33 -04:00
Joey Hess d7cfcef54a img: Support hspace and vspace attributes. 2010-06-12 16:43:24 -04:00
Joey Hess 9923f5db65 attachment: Show files from underlay in attachments list.
While those files cannot be removed or renamed, this allows easy
downloading of them, and a new version can after all be uploaded.
2010-06-12 14:29:56 -04:00
Joey Hess d5181a1977 realm is an url pattern 2010-06-11 14:14:20 -04:00
Joey Hess 475b4199e1 openid: Add openid_realm and openid_cgiurl configuration options, useful in a few edge case setups. 2010-06-11 13:53:56 -04:00
Joey Hess 04ff998c51 calendar styling
* calendar: Shorten day names, and improve styling of month calendar.
* style.css: Reduced sidebar width back to 20ex from 30; the month calendar
  will now fit in the smaller width, and 30 was feeling too large.
2010-06-10 15:07:28 -04:00
Joey Hess 1bdf98a4a0 let's allow comments of "0" 2010-06-09 17:47:49 -04:00
Joey Hess 24b59b3a9e editpage: Avoid storing accidental state changes when previewing pages.
This is a slow, safe, stupid approach. Could make deep copies of the data
structures as backups instead of re-loading the index from disk.
2010-06-09 17:44:40 -04:00
Joey Hess b2327cfae4 improve preview mode comments 2010-06-09 17:43:20 -04:00
Joey Hess e93cee3378 Fix display of sidebar when previewing page edit. (Thanks, privat)
On second thought, only display a page's personal sidebar when previewing
it, not when editing normally.
2010-06-09 16:59:17 -04:00
Joey Hess 95b45864de relativedate: Fix problem with localised dates not working. 2010-06-09 16:16:48 -04:00
Joey Hess e96cf38ecc When editing a page, show that page's sidebar. (Thanks, privat) 2010-06-09 16:00:12 -04:00
Joey Hess 0ccf21daaf img: Fill in missing height or width when scaling image. 2010-06-08 21:13:46 -04:00
Joey Hess 3d769f7849 fix uninitalized value warning 2010-05-21 18:03:21 -04:00
Joey Hess 6472302b8d disable warnings when evaling setup files
In particular, perl warns if a qw{} contains a #, but openids can.

If the setup file has 'use warnings', it will turn warning messages back
on, so it seems reasonable to squelch them by default.
2010-05-21 13:39:07 -04:00
Joey Hess 14de1d87ef Fix a typo in the last release. 2010-05-18 14:16:58 -04:00
Joey Hess baaa176b9b simplify example
I've seen user(http://*) confuse someone who didn't know pagespecs to think
that just http://* would moderate all comments to every page, or something
like that.
2010-05-18 13:36:51 -04:00
Joey Hess 7aa209f1ce Fix a bug that prevented matching deleted comments, and so did not update pages that had contained them.
Problem is that by the time rendering calls render_dependent, %pagesources
has had deleted files removed from it. So match_comment's lookup of
files in there to see if they had the _comment extension failed.

I had to introduce a hash that temporarily holds filenames of deleted pages
to fix this.

Note that unlike comment(), internal() had avoided this pitfall by being
defined to match both internal and non-internal pages.
2010-05-18 13:32:28 -04:00
Joey Hess facc77e109 force scalar context 2010-05-17 17:06:13 -04:00
Joey Hess 8e77dc1c9c fix typo 2010-05-15 23:54:00 -04:00
Joey Hess ff67a31db5 Revert "avoid showing comment post stuff on dynamic pages"
This reverts commit 4a6d5330e5.

That was too ugly, the DYNAMIC test on page.tmpl will avoid the problem
anyway -- just needs to be added.
2010-05-15 22:38:59 -04:00
Joey Hess 4a6d5330e5 avoid showing comment post stuff on dynamic pages
If the site is configured to allow comments on *, then the comment post
interface was being added to cgi pages like signin and prefs. This fixes it
w/o requiring more page.tmpl changes. The pagetemplate hook is called by
misctemplate with an empty page name for dynamic pages.
2010-05-15 22:28:07 -04:00
Joey Hess c8b34aa31c allow misctemplate callers to pass params to suppress actions etc
Suppress disiplay of small search for on search results page, and of
Prefrences link on prefs page.
2010-05-14 21:45:54 -04:00
Joey Hess 4c6fa6413f avoid showing redundant search box on search results page 2010-05-14 21:42:48 -04:00
Joey Hess f69c072d8a better misctemplate splitting sequence 2010-05-14 21:40:30 -04:00
Joey Hess 3dd98a3b3f put back recentchangesurl
On second thought, misctemplate can use pagetemplate hooks to provide
it, so it's better to keep back-compat, and allow full customisation
of how it's displayed via the template.
2010-05-14 20:38:08 -04:00
Joey Hess d80a649073 bugfix 2010-05-14 20:29:16 -04:00
Joey Hess bbe971881a refactor template actions 2010-05-14 20:20:41 -04:00