Commit Graph

621 Commits (9ea3f9dfe7c0341f4e002b48728b8139293e19d0)

Author SHA1 Message Date
Simon McVittie d283e4ca1a useragent: Automatically choose whether to use LWPx::ParanoidAgent
The simple implementation of this, which I'd prefer to use, would be:
if we can import LWPx::ParanoidAgent, use it; otherwise, use
LWP::UserAgent.

However, aggregate has historically worked with proxies, and
LWPx::ParanoidAgent quite reasonably refuses to work with proxies
(because it can't know whether those proxies are going to do the same
filtering that LWPx::ParanoidAgent would).

Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-26 22:21:27 +00:00
Simon McVittie 67543ce1d6 useragent: Don't allow non-HTTP protocols to be used
This prevents the aggregate plugin from being used to read the contents
of local files via file:/// URLs.

Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-26 21:44:07 +00:00
Simon McVittie e7b0d4a0ff useragent: Raise an exception if the LWP module can't be loaded
Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-24 18:49:58 +00:00
Simon McVittie f2b248cdfd preprocess: Don't encode digit zero as an entity in errors
I'm not sure what happened here, but it seems to have been the wrong
thing. Whitelist what we want to *not* encode instead.

Signed-off-by: Simon McVittie <smcv@debian.org>
2018-03-21 09:33:04 +00:00
Simon McVittie 0e5c8ae806 preprocess: Escape most ASCII punctuation in error messages
This is a minimal version of what we should in principle do here,
which is to escape the error message in whatever way is correct for
embedding plain text in the surrounding wiki markup language.
This implementation approximates that by assuming that HTML entities,
alphanumerics and common punctuation characters are passed through the
markup language unaltered, but punctuation characters might be
misinterpreted.

Signed-off-by: Simon McVittie <smcv@debian.org>
2018-02-28 09:55:53 +00:00
Joey Hess a79ab9ed18
add and use cgiurl_abs_samescheme
* emailauth: Fix cookie problem when user is on https and the cgiurl
   uses http, by making the emailed login link use https.
 * passwordauth: Use https for emailed password reset link when user
   is on https.

Not entirely happy with this approach, but I don't currently see a
better one.

I have not verified that the passwordauth change fixes any problem,
other than the user getting a http link when they were using https.
The emailauth problem is verified fixed by this commit.

This commit was sponsored by Michael Magin.
2018-01-05 11:59:35 -04:00
Simon McVittie 3789b385b2 core: Don't decode the result of strftime if already tagged as UTF-8
It wasn't in old Perls, but might be in Perl >= 5.21.1 due to commit
https://perl5.git.perl.org/perl.git/commit/9717af6 (Closes: #869240)
2017-07-23 16:04:57 +01:00
Simon McVittie 88da55c5d1 check_canchange: report invalid filenames as intended
Instead of logging "bad file name %s" and attempting to call the
(string) filename as a subroutine, actually do the intended
sprintf operation.
2017-01-09 14:27:56 +00:00
Simon McVittie 32ef584dc5 HTML-escape error messages (OVE-20160505-0012)
The instance in cgierror() is a potential cross-site scripting attack,
because an attacker could conceivably cause some module to raise an
exception that includes attacker-supplied HTML in its message, for
example via a crafted filename. (OVE-20160505-0012)

The instances in preprocess() is just correctness. It is not a
cross-site scripting attack, because an attacker could equally well
write the desired HTML themselves; the sanitize hook is what
protects us from cross-site scripting here.
2016-05-05 23:43:17 +01:00
Simon McVittie 02a1aa4e49 Don't fail to syslog if the wiki name contains %s
This is a corner case spotted while fixing UTF-8 syslogging.
2016-01-21 07:33:41 +00:00
Simon McVittie b8dbb48fdc Force log messages to be bytestrings
Sys::Syslog is not UTF-8-literate.
2016-01-21 07:33:41 +00:00
Simon McVittie 15939a2528 Add deterministic option and use it for the docwiki
It doesn't do anything yet.
2015-06-09 22:30:43 +01:00
Simon McVittie 2afb0dd663 Do not directly enable emailauth by default, only indirectly via openid
This avoids nasty surprises on upgrade if a site is using httpauth,
or passwordauth with an account_creation_password, and relying on
only a select group of users being able to edit the site. We can revisit
this for ikiwiki 4.
2015-05-27 08:52:01 +01:00
Joey Hess 84efd3e00f allow emailuser to be called when there is no %config set
ikiwiki-hosting needs to do this
2015-05-19 17:06:25 -04:00
Daniel Kahn Gillmor a5309078ec make cgiurl output deterministic
IkiWiki::cgiurl() currently produces non-deterministic output, because
the params hash can be sorted different ways.

Sorting keys to params before crafting the string should make the
output deterministic.
2015-05-19 15:34:46 -04:00
Joey Hess ab1bba9dab cloak user PII when making commits etc, and let cloaked PII be used in banned_users
This was needed due to emailauth, but I've also wrapped all IP address
exposure in cloak(), although the function doesn't yet cloak IP addresses.

(One IP address I didn't cloak is the one that appears on the password
reset email template. That is expected to be the user's own IP address,
so ok to show it to them.)

Thanks to smcv for the pointer to
http://xmlns.com/foaf/spec/#term_mbox_sha1sum
2015-05-14 11:58:21 -04:00
Joey Hess 4fc4e78cd8 sanitize nickname derived from email address 2015-05-14 10:40:52 -04:00
Joey Hess 497513e737 avoid showing password prefs for emailauth user 2015-05-13 23:24:07 -04:00
Simon McVittie 943ec015da If neither timezone nor TZ is set, set both to :/etc/localtime if we're on a GNU system and that file exists, or GMT otherwise 2015-03-01 15:01:05 +00:00
Simon McVittie f570c89214 Fix getlibdirs when libdirs is unset 2014-12-16 08:11:59 +00:00
Simon McVittie b3e21b0436 Simplify libdirs: libdirs must be plural, libdir must be a single string
This makes the documentation read more sensibly, and matches how we
handle underlaydirs and underlaydir.
2014-12-09 20:02:03 +00:00
Simon McVittie 23b91e69b0 Merge remote-tracking branch 'spalax/paternal/libdirs' 2014-12-09 19:58:36 +00:00
Louis 3ebab88c40 Make getlibdirs return an array (or whathever this type is called in perl) 2014-12-06 18:40:14 +01:00
Louis c8d28b9439 Allow several extra library and plugin directories (libdir option) 2014-12-06 18:32:02 +01:00
Amitai Schlair 3a5a030bac entab 2014-12-02 10:38:17 -05:00
Mark Jason Dominus (陶敏修) e2354943d7 in debug mode, issue a warning before waiting for a lock 2014-12-02 10:37:09 -05:00
Simon McVittie ceab72ad34 page.tmpl: tell mobile browsers we have a responsive layout, unless told not to
Mobile browsers typically assume that arbitrary web pages are
designed for a "desktop-sized" browser window (around 1000px)
and display that layout, zoomed out, in order to avoid breaking
naive designs that assume nobody will ever look at a website on
a phone or something. People who are actually doing "responsive
design" need to opt-in to mobile browsers rendering it at a
more normal size.
2014-12-01 21:29:46 +00:00
Simon McVittie 490a1eca7b Always produce HTML5 doctype and new attributes, but not new elements
According to caniuse.com, a significant fraction of Web users are
still using Internet Explorer versions that do not support HTML5
sectioning elements. However, claiming we're XHTML 1.0 Strict
means we can't use features invented in the last 12 years, even if
they degrade gracefully in older browsers (like the role and placeholder
attributes).

This means our output is no longer valid according to any particular
DTD. Real browsers and other non-validator user-agents have never
cared about DTD compliance anyway, so I don't think this is a real loss.
2014-10-16 11:04:53 +01:00
Simon McVittie 56f8223f95 Set default User-Agent to something that doesn't mention libwww-perl
It appears that both the open-source and proprietary rulesets for
ModSecurity default to blacklisting requests that say they are
from libwww-perl, presumably because some script kiddies use libwww-perl
and are too inept to set a User-Agent that is "too big to blacklist",
like Chrome or the iPhone browser or something. This seems doomed to
failure but whatever.
2014-10-12 17:45:27 +01:00
Simon McVittie 3b8da667cc Add reverse_proxy option which hard-codes cgiurl in CGI output
This solves several people's issues with the CGI trying to be
too clever when IkiWiki is placed behind a reverse-proxy.
2014-10-05 23:49:37 +01:00
Simon McVittie d712389ae3 Avoid mixed content when cgiurl is https but url is not 2014-10-05 23:49:37 +01:00
Simon McVittie 532f7adfdb Use protocol-relative URIs if cgiurl and url differ only by authority (hostname) 2014-10-05 15:56:19 +01:00
Simon McVittie 7f5c2cfa5a Merge branch 'ready/templatebody' 2014-09-15 21:52:03 +01:00
Simon McVittie 70bc1a2113 add more wording based on what chrysn suggested 2014-09-15 21:22:42 +01:00
Simon McVittie 7dcf18dba5 Merge branch 'ready/document-success-reason' 2014-09-15 21:15:31 +01:00
Simon McVittie 2eea320b67 Merge branch 'ready/trail-sort' 2014-09-12 21:38:06 +01:00
Joey Hess 40d6ccbadb Make --no-gettime work in initial build. Closes: #755075 2014-08-28 19:08:09 -07:00
Simon McVittie 3f4a935740 trail: don't generate a costly dependency when forcing sort order
pagespec_match_list() makes the current page depend on the pagespec
being matched, so if you use [[!trailoptions sort="..."]] to force
a sort order, the trail ends up depending on internal(*) and is
rebuilt whenever anything changes. Add a new sort_pages() and use that
instead.
2014-07-11 22:08:08 +01:00
Simon McVittie a9fc30b19c Track whether we're in the scan or render phase
In the scan phase, it's too early to match pagespecs or sort pages;
in the render phase, both of those are OK.

It would be possible to add phases later, renumbering them if necessary
to maintain numerical order.
2014-03-05 10:42:19 +00:00
Simon McVittie 7672014582 Add templatebody plugin and directive, and enable it by default
Also add a regression test for templatebody.
2014-03-05 10:42:19 +00:00
Simon McVittie cbb3218db7 add readtemplate hook 2014-03-05 10:42:19 +00:00
Simon McVittie 8c6da231d6 SuccessReason: add some explanatory comments
Whenever I look at dependency calculation, it takes me a while to get my
head round the concept of influences. If what I've written here is
accurate, maybe the next person to look at this (or my future self)
will need less of a run-up.
2014-03-03 11:50:15 +00:00
Joey Hess e0d1c264d9 Allow up to 8 levels of nested directives, rather than previous 3 in directive infinite loop guard. 2014-02-23 14:11:54 -04:00
Joey Hess c5d63c549d Merge remote-tracking branch 'anarcat/dev/syslog_utf8' 2014-02-23 14:09:51 -04:00
Tuomas Jormola dc53ca18f2 Bug#737121: ikiwiki: [PATCH] Implement configuration option to set the user agent string for outbound HTTP requests
Package: ikiwiki
Version: 3.20140125
Severity: wishlist

By default, LWP::UserAgent used by IkiWiki to perform outbound HTTP
requests sends the string "libwww-perl/<version number>" as User-Agent
header in HTTP requests. Some blogging platforms have blacklisted the
user agent and won't serve any content for clients using this user agent
string. With IkiWiki configuration option "useragent" it's now possible
to define a custom string that is used for the value of the User-Agent
header.
2014-02-01 16:53:33 -04:00
Antoine Beaupré 2a143bfd0b don't edit config setting, but a temporary variable, complete and unbreak tests 2013-11-29 01:09:04 -05:00
Antoine Beaupré 2869b65bcb recover gracefully from syslog failures 2013-11-29 01:09:03 -05:00
Joey Hess 654530fa8b Added only_committed_changes config setting, which speeds up wiki refresh by querying git to find the files that were changed, rather than looking at the work tree. Not enabled by default as it can break some setups where not all files get committed to git. 2013-11-16 17:26:20 -04:00
Joey Hess 3aaa33064c Optmised loadindex by caching the page name in the index.
I have benchmarked the pagename() call this avoids taking up to 2 seconds
for a loadindex in a large wiki. The total loadindex for that wiki was
6.46s, so this is a significant improvment.
Even on a smaller site, this reduces the refresh time from 1.69 to 1.52
seconds.

The only breakage risk here is that pagename() can change the page name
it calculates due to setup changes. But in the case of a setup change, the
whole site is rebuilt. So the cached page name is not used in that
case.
2013-11-16 12:48:11 -04:00
Joey Hess 992d4f52ff Fixed unncessary tight loop hash copy in saveindex where a pointer can be used instead. Can speed up refreshes by nearly 50% in some circumstances.
I *think* this is ok, at least it results in close to the same index being
saved as before. The difference is that plugins that have a pagestate of {}
have that recorded this way, while with the tight loop, the key for the
plugin in not copied in that case. I cannot see how this could matter.
2013-11-16 12:28:01 -04:00