Simon McVittie
4fe6dd0551
request more information
2017-06-22 15:37:19 +01:00
Joey Hess
52a9d23e2c
add bug report originally emailed to me by Peter Simons
2017-06-22 09:55:27 -04:00
Simon McVittie
fee378f056
Announce 3.20170622
2017-06-22 10:55:32 +01:00
Simon McVittie
453e07fd9f
meta: Specifically document [[!meta foo:bar="baz"]] as not working
2017-06-22 09:19:02 +01:00
j@d945f5982c686dda5ab7bc2ef45e09d388233fad
63e6fa68b0
2017-06-20 19:03:02 -04:00
alicef
18c4559f4e
2017-06-12 17:14:22 -04:00
https://tylercipriani.com/
15278cad15
Ensure repo gets picked up by gitremotes script
2017-06-02 08:55:00 -04:00
https://tylercipriani.com/
e8ca4e5b8c
Add jsonfeed patch
2017-06-01 19:26:28 -04:00
https://tylercipriani.com/
07f0f84a8e
Add thcipriani repository
2017-06-01 19:17:04 -04:00
https://tylercipriani.com/
d64ce01e0a
Add my user page
2017-06-01 19:15:33 -04:00
smcv
af501e9e14
current headinganchors does not damage headings' attributes, although it does not act on those headings
2017-06-01 10:03:51 -04:00
smcv
d20dd0c97e
2017-06-01 09:59:36 -04:00
smcv
2f765597de
resolved
2017-06-01 09:48:10 -04:00
anarcat
bbf2d13ae3
response
2017-06-01 09:14:23 -04:00
anarcat
1bb8301ad6
response
2017-06-01 09:02:26 -04:00
https://me.yahoo.com/a/GwQv.Tw.p_ux8p4eLf9CkcwYsQ--#2fdeb
5c57e46dd5
2017-05-26 22:25:07 -04:00
smcv
25ba5d260c
Added a comment: Please do not patch out the symlink check
2017-05-26 02:20:23 -04:00
mail@b2ae8518bb6eba14728f86acae7830e4c2d9943d
4bb6132283
Added a comment: git-annex support
2017-05-25 10:43:20 -04:00
openmedi
11b9eb0c19
2017-05-25 07:30:47 -04:00
smcv
b29efcb4c6
Added a comment: I suggest asking macOS/brew people
2017-05-22 07:02:44 -04:00
qazwsx
88ca349cd1
2017-05-21 19:23:36 -04:00
qazwsx
aeb9317387
2017-05-21 19:22:54 -04:00
openmedi
dbb06580d5
Added a comment
2017-05-19 11:32:18 -04:00
smcv
8503f8ddaa
Suggested syntax does work, and has a test
2017-05-19 09:57:28 -04:00
smcv
778d9e50d4
Document the special case for [[!meta name=foo content=bar]]
2017-05-19 09:50:52 -04:00
smcv
1e4e51754e
it is (meant to be) possible, just not with that syntax
2017-05-19 09:43:08 -04:00
fmarier
219134beff
2017-05-18 13:33:44 -04:00
bma@d2ddf927e0bde7166ad151d794bee58589bedb40
da0900649c
long out of date
2017-05-16 08:59:37 -04:00
Simon McVittie
01f2a84360
color: Use markup for the preserved CSS, not character data
...
This still smuggles it past the sanitize step, but avoids having
other plugins that want to capture text content without markup
(notably toc) see the CSS as if it was text content.
2017-05-16 12:08:55 +01:00
smcv
6ab4dee728
we should prefer existing IDs and only act as a fallback
2017-05-16 05:38:02 -04:00
smcv
81221cb030
cross-reference i18nheadinganchors
2017-05-16 05:26:25 -04:00
smcv
ab793c1db0
correct ID syntax
2017-05-16 05:17:57 -04:00
smcv
5150874861
browsers and specifications support more Unicode than we give them credit for
2017-05-16 05:17:00 -04:00
smcv
cad72ecfad
close
2017-05-16 04:27:56 -04:00
Simon McVittie
787fb8b058
Prune dead links
2017-05-16 08:55:24 +01:00
Simon McVittie
9858519cc5
Reinstate a git repo that has come back
2017-05-16 08:55:24 +01:00
smcv
55ae3c7368
Added a comment
2017-05-16 03:29:33 -04:00
Simon McVittie
4fd5f7d910
Clarify documentation
2017-05-16 08:28:04 +01:00
Simon McVittie
c72dc5ddb7
mdwn: Don't enable alphabetically labelled ordered lists by default
...
This avoids misinterpreting initials ("C. S. Lewis was an author"),
the abbreviation for Monsieur ("M. Descartes was a philosopher") and
German page numbering ("S. 42") as ordered lists if they happen to
begin a line.
This only affects the default Discount implementation: Text::Markdown
and Text::MultiMarkdown do not have this feature anyway. A new
mdwn_alpha_list option can be used to restore the old interpretation.
2017-05-16 08:09:15 +01:00
qazwsx
94316fca54
Added a comment
2017-05-15 02:19:37 -04:00
Simon McVittie
4db4e589e4
mdwn: Enable footnotes by default when using Discount
...
A new mdwn_footnotes option can be used to disable footnotes in
MultiMarkdown and Discount.
2017-05-14 18:16:53 +01:00
Simon McVittie
81c3258269
mdwn: Don't mangle <style> into <elyts> under some circumstances
...
We can ask libdiscount not to elide <style> blocks, which means we
don't have to work around them.
2017-05-14 17:45:55 +01:00
Simon McVittie
31c89db246
httpauth: If REMOTE_USER is empty, behave as though it was unset
...
A frequently cut-and-pasted HTTP basic authentication configuration
for nginx sets it to the empty string when not authenticated, which
is not useful.
2017-05-14 15:37:45 +01:00
Simon McVittie
59daf36cb2
httpauth: Recommend if_not_empty parameter for REMOTE_USER
...
This is untested, but should hopefully avoid the failure mode
described in [[bugs/Anon_edit_caused_lock_out_on_entire_site_]].
2017-05-14 15:36:26 +01:00
smcv
365a930c2c
complete last paragraph
2017-05-14 08:31:49 -04:00
smcv
f6fc4543fb
I have a theory
2017-05-14 08:20:49 -04:00
smcv
1f2f8d5f77
Added a comment
2017-05-14 08:01:09 -04:00
smcv
75f905a18a
2017-05-14 07:53:24 -04:00
smcv
65fe86e6f3
recommend discount over multimarkdown
2017-05-14 07:51:56 -04:00
smcv
b14e3456dd
multimarkdown: it's a trap!
2017-05-14 07:47:42 -04:00
smcv
50fb6f8b95
Added a comment: Use an underlay instead
2017-05-14 07:37:14 -04:00
smcv
b047fc3757
removed
2017-05-14 07:28:50 -04:00
smcv
f56e365dd0
Added a comment: You can do almost this with an underlay
2017-05-14 07:27:54 -04:00
smcv
02b4fb50c9
Added a comment
2017-05-14 07:00:48 -04:00
smcv
74d99b0063
Added a comment: you can't use and/or/! inside the page() parameter, move them outside
2017-05-14 06:49:54 -04:00
smcv
d49aefdb19
fix syntax
2017-05-14 06:41:21 -04:00
Joe Rayhawk
b919f1c3d4
Piny: mothballing
2017-05-13 09:23:56 -07:00
STrRedWolf
de347f9f6c
2017-05-10 20:52:32 -04:00
qazwsx
69a0f01355
2017-05-09 13:45:51 -04:00
DataComputist
708023250a
Added a comment
2017-05-08 17:16:18 -04:00
DataComputist
587d5dc874
2017-05-08 14:04:22 -04:00
desci
cd651030ea
Updating links
2017-05-01 15:18:15 -04:00
desci
187c5a259c
Updating links
2017-05-01 15:14:33 -04:00
openmedi
d00ddc9aea
Added a comment
2017-04-18 09:13:42 -04:00
openmedi
d16946c950
2017-04-18 08:19:44 -04:00
STrRedWolf
3f709fab6c
Initial commit.
2017-04-16 17:38:24 -04:00
STrRedWolf
42bfe31b8a
2017-04-16 16:53:43 -04:00
STrRedWolf
d090696696
First time theme help needed.
2017-04-16 16:53:21 -04:00
anarcat
defdf8544f
add list of pending patches
2017-04-13 09:27:10 -04:00
anarcat
76001618c2
mark this as a real plugin: forgot the plugin template!
2017-04-13 09:23:21 -04:00
anarcat
2c0f52cd48
mark this as ready for merging
2017-04-13 09:22:28 -04:00
anarcat
1d96095af7
clarify that "patch" on contrib plugins means the author wants to merge
2017-04-13 09:21:09 -04:00
anarcat
ad6d2e7de0
this is a patch - i'd like this in core, or at least a discussion on how to merge it with the main plugin
2017-04-13 09:19:23 -04:00
anarcat
6a1efc5c6a
add a patch to make this happen
2017-04-12 16:15:23 -04:00
anarcat
7d72549ef8
rename plugins/contrib/i18nheadinganchor.mdwn to plugins/contrib/i18nheadinganchors.mdwn
2017-04-12 16:14:30 -04:00
anarcat
42b8a58565
add i18nheadinganchors plugin
2017-04-12 16:14:13 -04:00
anarcat
a0a57fa8cc
move my repo to gitlab
2017-04-12 16:13:47 -04:00
anarcat
f65eae2126
respond to an old question
2017-04-12 15:40:09 -04:00
Joey Hess
6cdba67dac
todo
2017-04-04 12:51:40 -04:00
desci
207666e903
Fixing format
2017-03-29 15:37:02 -04:00
desci
886610d85b
As requested
2017-03-29 15:36:28 -04:00
desci
5c9d9b3213
Answering questions and updating links
2017-03-29 15:35:54 -04:00
tuxillo
eba821b5f8
2017-03-19 20:33:38 -04:00
tuxillo
8d4342183b
2017-03-19 20:32:47 -04:00
martymcfly@55267c498da1bbb4b9fe2a8baadc45dc1bd8f57a
f6f482af42
MyUserPage
2017-03-09 10:01:37 -04:00
martymcfly@55267c498da1bbb4b9fe2a8baadc45dc1bd8f57a
3e1d1ec36a
Added a comment: PS
2017-03-09 10:00:23 -04:00
martymcfly@55267c498da1bbb4b9fe2a8baadc45dc1bd8f57a
17988f95b1
Ikiwiki error with Asciidoc
2017-03-09 09:59:06 -04:00
Joey Hess
a3a6ec02e7
cleanup
2017-03-07 11:53:39 -04:00
kw_ikiwiki1@64633d204c198f52735247ca119bddbcbfaafdef
48a959eebb
2017-03-07 10:04:42 -04:00
kw_ikiwiki1@64633d204c198f52735247ca119bddbcbfaafdef
888b4603e1
test test blah blah
2017-03-07 09:59:48 -04:00
jmtd@d79be1606aba831a3b476d5fff7d99f4b321eab2
6b75169007
speed up commenting by optionally providing a comment form in static pages
2017-03-03 10:52:14 -04:00
jmtd@d79be1606aba831a3b476d5fff7d99f4b321eab2
5fc2e8b55b
Added a comment
2017-03-03 10:48:03 -04:00
jmtd@d79be1606aba831a3b476d5fff7d99f4b321eab2
135a302acc
Added a comment
2017-03-03 10:29:13 -04:00
Joey Hess
90f4fd6635
my github mirror of ikiwiki has been deleted due to their horrible anti-free-software TOS
2017-03-01 13:34:42 -04:00
svetlana@192500fb6a2e2ef8e78d1a08cca64b1bca9833b9
31e095be9b
Added a comment
2017-02-21 18:02:45 -04:00
svetlana@192500fb6a2e2ef8e78d1a08cca64b1bca9833b9
a7cf415822
+aka use page/index.mdwn source files
2017-02-21 17:51:59 -04:00
smcv
5bc7a30f64
Added a comment
2017-02-21 14:21:19 -04:00
smcv
c24f538c6d
Added a comment
2017-02-21 14:17:35 -04:00
svetlana@192500fb6a2e2ef8e78d1a08cca64b1bca9833b9
4e77978328
Added a comment
2017-02-20 23:56:19 -04:00
svetlana@192500fb6a2e2ef8e78d1a08cca64b1bca9833b9
4a2c4842bf
Added a comment
2017-02-20 23:47:35 -04:00
svetlana@192500fb6a2e2ef8e78d1a08cca64b1bca9833b9
dc232c0006
Added a comment
2017-02-20 19:42:13 -04:00
openmedi
7618dafe0c
Added a comment
2017-02-20 11:43:13 -04:00
svetlana@192500fb6a2e2ef8e78d1a08cca64b1bca9833b9
f3a9bed1c5
Added a comment
2017-02-19 17:59:26 -04:00
svetlana@192500fb6a2e2ef8e78d1a08cca64b1bca9833b9
8c4408900c
removed
2017-02-19 17:52:54 -04:00
svetlana@192500fb6a2e2ef8e78d1a08cca64b1bca9833b9
3b19cc0ddd
Added a comment
2017-02-19 17:48:23 -04:00
Louis
37056e736a
Merge branch 'master' of git://ikiwiki.branchable.com
2017-02-18 22:56:06 +01:00
Louis
ff784524b4
Update my (spalax) information
2017-02-18 21:11:47 +01:00
Louis
e66912e677
Apology about the poor choice for the name of the sidebar2 plugin
2017-02-18 21:08:48 +01:00
Louis
d9f6141cd7
New plugin: verboserpc
2017-02-18 21:08:48 +01:00
Louis
7bb8226987
New plugin: pageversion
2017-02-18 21:08:48 +01:00
Louis
d2c4047282
New plugin: redirect
2017-02-18 20:43:52 +01:00
krqt.kndy@eb44788e4eb202f3e68eeb8ba175d3897c3979a9
b92b8caf11
2017-02-17 17:15:00 -04:00
vegardv@75ae889e836bda8ce69bc038d8335c398a2f6f40
c0fcd409fa
Added a comment
2017-02-10 04:33:42 -04:00
svetlana@192500fb6a2e2ef8e78d1a08cca64b1bca9833b9
e748e0016d
Added a comment
2017-02-09 17:48:06 -04:00
smcv
8502eb47fa
Added a comment
2017-02-09 08:13:03 -04:00
svetlana@192500fb6a2e2ef8e78d1a08cca64b1bca9833b9
3d177313d6
2017-02-09 07:22:48 -04:00
svetlana
40d3bdac4c
+update broken uris
2017-02-07 20:36:02 -04:00
svetlana
139197d823
2017-02-07 19:15:02 -04:00
svetlana
4f9a8d10de
Confuses a map
2017-02-07 19:11:17 -04:00
svetlana
7b664f4151
2017-02-06 01:39:02 -04:00
svetlana
7c0292edc5
removed
2017-02-05 22:37:01 -04:00
svetlana@192500fb6a2e2ef8e78d1a08cca64b1bca9833b9
4c96c9decd
2017-02-05 15:31:24 -04:00
smcv
7744b4d849
change `pwd` to $HOME so assumptions are met even if you cd elsewhere
2017-02-03 16:48:48 -04:00
me@4eb1b66f86170ba2ff0690b93ad01f46bfc8eac4
c72fbbe21d
No longer using ikiwiki
2017-02-03 12:54:47 -04:00
smcv
47b12458ae
2017-01-26 07:38:48 -04:00
svetlana
2265aef4e6
Does not show up in the setup
2017-01-24 00:59:27 -04:00
svetlana
9581c039e8
* [[guppy| http://guppy.branchable.com ]] an internationalized modular Python IRC bot
2017-01-18 19:27:48 -04:00
smcv
1c8c0ccf59
Added a comment
2017-01-18 17:46:14 -04:00
smcv
0acf3b6d0c
Added a comment: Do that through your web server, not ikiwiki
2017-01-18 17:45:30 -04:00
openmedi
6d0f460b12
2017-01-17 08:44:20 -04:00
Simon McVittie
12b4618228
Note another Debian 8 backport
2017-01-12 00:31:10 +00:00
Simon McVittie
666d87a50c
Fix typo
2017-01-11 19:02:10 +00:00
Simon McVittie
8b54ba7ad1
Release 3.20170111
2017-01-11 18:18:38 +00:00
Simon McVittie
4d0e525e6a
Document the security fix soon to be released in 3.20170111
2017-01-11 18:16:42 +00:00
Simon McVittie
c7a4d57772
3.20170110
2017-01-10 13:22:13 +00:00
Simon McVittie
7586f5165e
news: Use Debian security tracker instead of MITRE for CVE references
...
The Debian security tracker gets timely updates, whereas the official
CVE pages hosted by MITRE tend to show up as "RESERVED" for several
weeks or months after assignment.
2017-01-09 14:11:18 +00:00
Simon McVittie
9e03c00202
shortcuts: Use security-tracker.debian.org for [[!debcve]]
...
security.debian.org currently rejects HTTPS connections.
2017-01-09 14:09:35 +00:00
https://anarc.at/openid/
f2b65d0370
add debian security tracker
2016-12-30 16:48:40 -04:00
Simon McVittie
a60f837695
Merge remote-tracking branch 'origin/master'
2016-12-29 21:34:10 +00:00
Simon McVittie
e0341d0e88
3.20161229.1
2016-12-29 20:47:17 +00:00
smcv
7562350a3a
add anchors for use in advisory to oss-security
2016-12-29 16:24:48 -04:00
Simon McVittie
04e322fd6b
Clarify which versions of ikiwiki fixed CVE-2016-9645, -9646
2016-12-29 20:08:49 +00:00
Simon McVittie
287bb19883
3.20161229
2016-12-29 17:37:51 +00:00
Simon McVittie
cf0166347c
Add CVE references for CVE-2016-9646, CVE-2016-9645
...
Thanks to the Debian security team for allocating these.
2016-12-29 17:36:11 +00:00
Simon McVittie
078d4208ca
Prune git remotes that are unreachable or unresponsive
2016-12-29 17:30:56 +00:00
Simon McVittie
a8a7462382
Try revert operations (on a branch) before approving them
...
Otherwise, we have a time-of-check/time-of-use vulnerability:
rcs_preprevert previously looked at what changed in the commit we are
reverting, not at what would result from reverting it now. In
particular, if some files were renamed since the commit we are
reverting, a revert of changes that were within the designated
subdirectory and allowed by check_canchange() might now affect
files that are outside the designated subdirectory or disallowed
by check_canchange().
It is not sufficient to disable rename detection, since git older
than 2.8.0rc0 (in particular the version in Debian stable) silently
accepts and ignores the relevant options.
OVE-20161226-0002
2016-12-28 21:32:12 +00:00
Simon McVittie
c1120bbbe8
Force CGI::FormBuilder->field to scalar context where necessary
...
CGI::FormBuilder->field has behaviour similar to the CGI.pm misfeature
we avoided in f4ec7b0
. Force it into scalar context where it is used
in an argument list.
This prevents two (relatively minor) commit metadata forgery
vulnerabilities:
* In the comments plugin, an attacker who was able to post a comment
could give it a user-specified author and author-URL even if the wiki
configuration did not allow for that, by crafting multiple values
to other fields.
* In the editpage plugin, an attacker who was able to edit a page
could potentially forge commit authorship by crafting multiple values
for the rcsinfo field.
The remaining plugins changed in this commit appear to have been
protected by use of explicit scalar prototypes for the called functions,
but have been changed anyway to make them more obviously correct.
In particular, checkpassword() in passwordauth has a known prototype,
so an attacker cannot trick it into treating multiple values of the
name field as being the username, password and field to check for.
OVE-20161226-0001
2016-12-28 21:32:12 +00:00
spalax
a9b876e1fa
Added a comment
2016-12-26 18:03:28 -04:00
smcv
836f165939
Added a comment
2016-12-26 15:26:25 -04:00
spalax
1a73c8d528
Question about default timezone ":/etc/localtime"
2016-12-25 17:05:08 -04:00