9a6005a212
editpage: factor out checksessionexpiry into IkiWiki::CGI
2008-12-11 21:14:03 +00:00
cb5aaa3cee
htmlbalance: don't compact whitespace, and set misc other options
...
Not compacting whitespace is the most important one: now that we run
sanitize hooks on individual posted comments in the comments plugin,
whitespace that is significant to Markdown (but not HTML) is lost.
2008-12-11 21:14:03 +00:00
249ea2ed75
comments: remove allowhtml option, just switch it on all the time
...
Now that posts are individually sanitized, that should be safe.
2008-12-11 21:14:03 +00:00
4663f364bb
comments: load inline and mdwn lazily
2008-12-11 21:14:03 +00:00
9d92fd5eb0
comments: don't rely on mdwn getting loaded first
2008-12-11 21:14:03 +00:00
ebe140201e
comments: sanitize the body of each comment before posting it
...
This should ensure that users can't "break out" from the enclosing
<div>, making it impossible to forge comments (assuming htmlscrubber
is enabled, and so is either htmlbalance or htmltidy).
2008-12-11 21:14:03 +00:00
57e40b9ce5
Fix typo that led to comments being blanked
2008-12-11 21:14:02 +00:00
3d4aa065d6
postcomment: Rename plugin to comments, use *._comment files
...
The PageSpec is still called "postcomment" since that's what it means.
2008-12-11 21:14:02 +00:00
3c9ccb406b
Rename smcvpostcomment plugin to postcomment to propose for inclusion
2008-12-11 21:14:02 +00:00
b7db3444a5
smcvpostcomment: allow commenting to be closed
2008-12-11 21:14:02 +00:00
f49603bf86
smcvpostcomment: import other plugins lazily and remove unnecessary use of CGI
2008-12-11 21:14:02 +00:00
442e4e7e12
smcvpostcomment: allow inlining to be disabled, and pass through atom etc. better
2008-12-11 21:14:02 +00:00
bb4eb07bdd
smcvpostcomment: make allowhtml etc. configurable, and don't allow commenting on pages where comments have never been allowed
2008-12-11 21:14:02 +00:00
d18adfb1ad
smcvpostcomment: indicate in form whether HTML and directives are allowed
2008-12-11 21:14:02 +00:00
1bd1b03766
smcvpostcomment: remove HTML if not allowed
2008-12-11 21:14:02 +00:00
660a4ef151
smcvpostcomment: always allow wikilinks, and do access control
...
wikilinks are harmless, so we might as well allow them.
Access control for this plugin is a bit odd, since we specifically
don't want to allow comments to be edited - so the check is whether the
user is allowed to edit a deliberately invalid page name,
page/commented/on[smcvpostcomment]. You can put smcvpostcomment(*)
or smcvpostcomment(some/subdir/*) in $config{anonok_pagespec}
or the opposite in $config{locked_pages} to allow "editing" (really
just posting) comments.
2008-12-11 21:14:02 +00:00
798dea2033
smcvpostcomment: reduce length of subject field
2008-12-11 21:14:02 +00:00
29862a8cc8
smcvpostcomment: explain what $fake is for
2008-12-11 21:14:01 +00:00
42b15f7633
smcvpostcomment: avoid warnings if form field 'body' is undef
2008-12-11 21:14:01 +00:00
e65c7b73af
smcvpostcomment: load inline plugin more forcibly
2008-12-11 21:14:01 +00:00
49835784d8
smcvpostcomment: use better names for special comment files
2008-12-11 21:14:01 +00:00
bd8c4674a8
smcvpostcomment: use gettext where appropriate
2008-12-11 21:14:01 +00:00
f77f7a02a6
Add initial version of a postcomment plugin (temporarily namespaced as smcvpostcomment)
2008-12-11 21:14:01 +00:00
b67632cdcd
inline: Support feedfile option to change the filename of the feed generated.
2008-12-11 15:01:26 -05:00
63eb9d834e
inline: Support emptyfeeds=no option to skip generating empty feeds.
2008-12-11 14:04:38 -05:00
38f5e3ba69
move feedpages application up
...
I wanted this nearer to the top, but decided to put it after the
add_depends. Reasoning: It's possible with a combinaton of feedpages and
show options to make @list and @feedlist contain completly differing sets
of pages. We want to add_depends all pages in both sets. We could combine
the two lists and add_depends that, but it's slightly more efficient to
defer reducing @feedlist, and add_depends whichever list is longer.
2008-12-11 13:58:40 -05:00
a990afd2f7
avoid uninitialized value warning
2008-11-18 13:46:03 -05:00
e307eeda3d
html escaping complication
...
Can't escape things to entities if the template then escapes the entities.
(aggregate doesn't have this problem.)
2008-11-18 02:48:24 -05:00
15269fed64
improve escaping of wikilinks and preprocessor directives
...
The old method failed for '[' x 3.
2008-11-18 02:43:17 -05:00
75f262f44d
call decode_utf8 inside eval
...
holger reported that decode_utf8 was crashing with perl 5.8.8. Earlier, I
thought that passing 0 to the function avoided this with old perls, but
that was apparently not enough, it still crashes. So, put it inside the
eval, so we can at least recover from it crashing.
2008-11-17 15:56:15 -05:00
181bdbe1a9
use HTML::Entities
2008-11-17 14:27:11 -05:00
e8a945845b
use perl modules up front
...
The old code actually did the same thing, just obfuscated -- since the eval
use wasn't quoted, it used the modules on load. Thus, the error (not to
mentioned the return) was bypassed, and it just failed on load.
But that seems like the right thing to do, really, so just made it clearer
that's what happens.
2008-11-17 14:19:15 -05:00
e7a840ed9a
htmlbalance: new plugin that balances tags by parsing and re-serializing
2008-11-17 10:46:21 +00:00
6611f3a2d9
bzr: Fix dates for recentchanges.
2008-11-11 13:44:47 -05:00
53752bcb5d
remove redundant link munge
...
This is not needed now that tagpage returns a page name starting with a
slash.
(Also fixes a minor bug that the edit links started with double slashes due
to the hack.)
2008-11-10 21:47:29 -05:00
f8a09ba105
tag: Normalize tagbase so leading/trailing slashes in it don't break things.
2008-11-10 19:48:58 -05:00
f0e58faefa
Add rel=nofollow to recentchanges_links for the same (weak) reasons it was earlier added to edit links.
2008-11-10 18:05:30 -05:00
11d377af81
txt: Do not encode quotes when filtering the txt, as that broke later parsing of any directives on the page.
2008-11-06 20:49:18 -05:00
db5ea4d4f0
meta: Plugin is now enabled by default since the basewiki uses it.
2008-11-06 16:08:11 -05:00
ecf2399f4f
aggregate: Try to query XML::Feed for the base url when derelevatising links. Since this needs the just released XML::Feed 0.3, as well as a not yet released XML::RSS, it will fall back to the old method if no xml:base info is available.
2008-11-06 16:05:10 -05:00
42b4abee1d
use error for two messages
2008-11-05 01:38:36 -05:00
d71caffb7b
preprocess text before htmlizing it
2008-11-02 12:21:15 -05:00
bb841f94f4
format: New plugin, allows embedding differntly formatted text inside a page (ie, otl inside a mdwn page, or syntax highlighted code inside a page).
2008-10-31 16:42:20 -04:00
354d22e27b
don't rely on plugin load order when determining generated directives
...
Instead, shortcuts will explicitly be marked as such when registered, and
listdirectives can filter them out.
2008-10-30 13:41:19 -04:00
33a0e84ddb
fix preview of shortcuts
...
Move shortcut processing back to checkconfig, and avoid it failing if the
srcdir is not defined.
2008-10-29 14:20:31 -04:00
8530e827b0
git: Allow [[sha1_commit]] to be used in the diffurl, to support cgit.
2008-10-27 14:45:54 -04:00
146192d5b0
the pre-receive wrapper needs to be suid after all
...
It needs to write to the user db.
2008-10-24 15:47:42 -04:00
1a883b3c50
include temp file for attachment change too
2008-10-24 13:44:03 -04:00
0196e1f9fc
updates
2008-10-24 13:29:41 -04:00
85f4b99710
untrusted committers code seems to be fully working
...
Still need to investigate possible races, and test some more.
2008-10-23 18:05:57 -04:00
Simon McVittie
Joey Hess