Commit Graph

1102 Commits (9ec9d6901d444af48555abf7b4c26d1965c46017)

Author SHA1 Message Date
Joey Hess 4ee441c152 changelog 2008-07-26 16:23:29 -04:00
Joey Hess b7bf566f55 attachment: Use relative paths when inserting links. 2008-07-25 19:22:29 -04:00
Joey Hess 99ec944766 bzr (mostly) done 2008-07-25 12:16:21 -04:00
Joey Hess 99b59f2d62 toggle: Fix incompatability between javascript and webkit. 2008-07-25 01:24:20 -04:00
Joey Hess 36a0d984c9 fix monotone/mercurial confusion 2008-07-24 22:03:38 -04:00
Joey Hess 58e2b2c99c mercurial: Add support for rename, delete, and also diff. (William Uther) 2008-07-24 14:17:04 -04:00
Joey Hess 4691a2ad39 add renamepage hooks
Implemented for regular wikilinks, with a test suite.
2008-07-23 18:14:20 -04:00
Joey Hess 96dab37a8e Merge branch 'master' into tova 2008-07-23 17:34:01 -04:00
Joey Hess b95669c3c8 Rebuild pages that change their type. (Gabriel McManus) 2008-07-23 16:13:37 -04:00
Joey Hess 335a6a59e6 Merge branch 'master' into tova 2008-07-23 15:00:07 -04:00
Joey Hess 1d1767192c attachment: Do not escape _ when determining attachment filenames. 2008-07-23 14:58:39 -04:00
Joey Hess d76c10cba2 Split out error messages from editpage.tmpl into several separate templates. 2008-07-22 19:58:34 -04:00
Joey Hess 9776bbf853 Don't allow uploading an attachment with the same name as an existing page, to avoid confusion. 2008-07-22 17:12:20 -04:00
Joey Hess 114e20e948 typo 2008-07-22 17:03:28 -04:00
Joey Hess cbddb5a4b8 add rcs_commit_staged and rcs_rename
Implemented for git and svn so far.

Note that rcs_commit_staged does assume that the rcs has the ability to
"stage" multiple changes for a later commit. Support for this varies, but
all we really care about is staging removals and renames, which, AFAIK, all
modern rcs's support.
2008-07-22 16:14:33 -04:00
Joey Hess 96c529826d skeleton rename plugin 2008-07-21 22:30:43 -04:00
Joey Hess 9d5c9ce258 Merge branch 'master' into tova 2008-07-21 21:23:58 -04:00
Joey Hess c2a2f71508 Add allow_symlinks_before_srcdir config setting
can be used to avoid a security check that is a good safe default, but
problimatic overkill in some situations.

I decided to underdocument this, because the option looks ugly, and I don't
want people randomly turning it on because it looks like a good idea. So if
you need it, you'll get an error message mentioning how to fix it.
2008-07-21 18:33:09 -04:00
Joey Hess e630e7507e Avoid troublesome abs_path calls in wrapper setup
As documented in the forum post.
2008-07-21 18:26:14 -04:00
Joey Hess 18d2403647 Merge branch 'master' into tova
Conflicts:

	debian/changelog
2008-07-21 17:27:50 -04:00
Joey Hess c2ffd205f3 Really fix bug with links to pages with names containing colons
Previous fix mised a few cases.
2008-07-21 17:27:14 -04:00
Joey Hess 09331644a2 changelog 2008-07-21 17:06:40 -04:00
Joey Hess b1b5860b29 touchups 2008-07-21 14:03:39 -04:00
Joey Hess c924c76bd8 basically, removal works
Still need to consider all the edge cases..
2008-07-21 13:50:12 -04:00
Joey Hess c6d1ae33d2 All rcs backends need to implement rcs_remove
(Done for svn, git.)
2008-07-21 13:41:17 -04:00
Joey Hess 3da279ddd4 editpage: Don't show attachments link when attachments are disabled. 2008-07-21 12:15:55 -04:00
Joey Hess 4a3e16f851 prefix_directives enabled in doc wiki, all preprocessor directives converted. (Simon McVittie) 2008-07-21 11:41:32 -04:00
Joey Hess fede380a89 releasing version 2.54 2008-07-21 11:19:01 -04:00
Joey Hess b557ba7c46 close bug, add changelog 2008-07-19 13:24:58 -04:00
Joey Hess 1b318dacbd git: Fix parsing of git logs with no commit messages at all. 2008-07-17 16:53:54 -04:00
Joey Hess ac62a47ea4 git: Put web committer name/openid/address in the git author field
The committer's email address is not used (because leaking email addresses
is not liked by many users). Closes: #451023

A "Web-commit" trailer is added, to allow telling the difference between
web commits and direct commits.
2008-07-17 16:17:15 -04:00
Joey Hess 584f3e3061 Add a postscan hook.
* Add a postscan hook.
* search: Use postscan hook, avoid updating index when previewing.
2008-07-17 16:17:15 -04:00
Joey Hess df3a8b183c smiley escaping fixes
Smileys need to be double-escaped to work, since the smiley plugin runs as
a sanitize hook, and markdown helpfully removes one level of escapes first.

There were some bugs in the smiley handling code that made escaped smileys
still be expanded. After unescaping a smiley, it needed to move pos forward
past it or the next pass would expand it.

Also, once the m//g got to the end, it seemed to loop back through and make
one more pass (a difference in perl 5.10's regexp exngine? I observed that
pos was undefined when this happened, so added a `last unless defined pos`.
2008-07-17 12:34:38 -04:00
Joey Hess dc1cbf2c8c merged intrigeri's parentlinks plugin, close todo 2008-07-16 17:49:24 -04:00
Joey Hess 67d8f7f209 changelog 2008-07-16 17:45:38 -04:00
Joey Hess 76b078d587 changelog 2008-07-14 21:12:03 -04:00
Joey Hess 9957c7fd5d Cut the size of the binary package in half by excluding pages for bugs and todo items from the html shipped in it. 2008-07-13 15:46:20 -04:00
Joey Hess edb59cd5b9 Error handling improvement for preprocess hooks. It's now safe to call error() from such hooks; it will cause a nicely formatted error message to be inserted into the page. 2008-07-13 14:41:40 -04:00
Joey Hess 2bd4dea7f0 changelog 2008-07-13 13:59:36 -04:00
Joey Hess 208ccbed0e changelog 2008-07-12 12:43:02 -04:00
Joey Hess 6255c88e89 fixed 2008-07-12 12:04:10 -04:00
Joey Hess d101269bde Move yesno function out of inline and into IkiWiki core, not exported. 2008-07-12 12:01:22 -04:00
Joey Hess 85a5ff82c6 credit smcv 2008-07-12 11:42:22 -04:00
Joey Hess ca30d95a78 rename uuid to guid 2008-07-12 10:59:45 -04:00
Joey Hess c522fffe09 document uuid 2008-07-12 10:53:57 -04:00
Joey Hess a0f596b6ed Change deb dependencies to list Text::Markdown before markdown, since the former, while slower, has a much better html parser that avoids numerous bugs. 2008-07-12 10:40:31 -04:00
Joey Hess 3879c56e71 Fixes creation of pages when clicking on WikiLinks starting with "/". 2008-07-10 15:36:18 -04:00
Joey Hess dcab5e2e48 template: Add support for a BASENAME variable. 2008-07-10 15:25:42 -04:00
Josh Triplett b2a708b90e debian/changelog: fix typo in old entry 2008-07-09 23:51:32 -07:00
Josh Triplett 1aab048e81 ikiwiki-transition: Fix command-line processing so the prefix_directives transition works again. 2008-07-09 23:42:34 -07:00
Joey Hess fb1aaacd90 fix changelog 2008-07-09 22:40:05 -04:00
Joey Hess 4e02dead14 Make it possible to load setup files w/o running them. Code needing to do so can call IkiWiki::Setup::load, and the values will be loaded into %IkiWiki::Setup::setup. 2008-07-09 22:39:26 -04:00
Joey Hess 06709cdf31 improve error message if virus checker fails w/o output 2008-07-09 16:53:03 -04:00
Joey Hess 2449c596af otl: Support utf-8 files. (Recai Oktaş) 2008-07-08 20:52:30 -04:00
Joey Hess e0577bc944 not yet released 2008-07-08 18:44:56 -04:00
Joey Hess 3e8abb8b53 response 2008-07-08 18:35:48 -04:00
Joey Hess ad02f69836 attachment: Support perl 5.8's buggy version of CGI.pm.
This is truely horribly disgusting. CGI::tmpFileName, in current perls, is
an undocumented function (which should be a clue..) that takes the original
filename of an uploaded attachment, and returns the name of the tempfile
that CGI has stored it in.

In old perls, though, CGI::tmpFileName does not take a filename. It takes
a key from the object's {'.tmpfiles'} hash. This key is something
crazy like '*Fh::fh00001group' -- apparently the stringification of a
filehandle object.

Just to add to the fun, tmpFileName doesn't take the key, it expects a
refernce to the key. Argh?!

But the fun doesn't stop there, because in perl 5.8, CGI.pm is also broken
in two other ways. The upload() method is supposed to return a filehandle
to the temp file. It doesn't. The param() method is supposed to return
a filehandle to the temp file, that stringifies to the original filename.
It returns just the original filename, no filehandle.

Combine all these bugs, and you end up with this disgusting commit. Since
I have no way to get the filehandle, I *need* to get the tempfile name.
If I had the filehandle, I could probably pass it into tmpFileName, and
it might strigify to the right key name. But I don't, so the only way to
determine the key is to grub through the .tmpfiles hash ourselves.

And finally, one the temp file name is discovered, a filehandle can finally
be obtained by (re)opening it.

I recommend that this commit be reverted when perl 5.8 is a mercifully
faded memory.

I'm really, really, really glad I'm actually being paid for working on
this right now!
2008-07-08 18:10:53 -04:00
Joey Hess fbd9865232 Include ikiwiki.setup in examples in the debian package. 2008-07-08 17:08:00 -04:00
Joey Hess 71f10579c0 attachment: Support old versions of CGI.pm that lack an upload method. 2008-07-08 10:42:58 -04:00
Joey Hess e25c3a0a7c Fix a bug with links to pages whose names contained colons.
So the problem is that ikiwiki would generate a relative link like
href="colon:problem", which web browsers treat as being in the "colon:"
uri scheme.

The best fix seems to be to make url beautification fix this, by slapping
a "./" in front.
2008-07-08 10:03:55 -04:00
Joey Hess f156308aef attachment: Fix an uninitialised value warning when editing a page that currently has no attachments. 2008-07-08 09:40:46 -04:00
Joey Hess 43e0691a50 search: generate configuration files once only when rebuilding (Gabriel McManus) 2008-07-07 01:55:06 -04:00
Joey Hess d1a42616c5 releasing version 2.52 2008-07-06 19:24:09 -04:00
Joey Hess 2f3a279f68 add virus checking to attachments plugin 2008-07-06 17:36:26 -04:00
Joey Hess 05124f9a86 editpage escaping fixes
* The editpage form now uses the raw page name, not the page title, in its
  'page' cgi parameter. Using the title was ambiguous and made it
  impossible to tell between some pages, like "foo/bar" and "foo__47__bar",
  sometimes causing the wrong page to be edited.
* This change means that some edit links need to be updated.
  Force a rebuild on upgrade to this version.
* Above change also allowed really fixing escaped slashes from the blogpost
  form.
2008-07-06 15:52:04 -04:00
Joey Hess edfbd7e1aa toggle: Add javascript to top of page, not to end. This avoids flicker since closed toggles will not be displayed as the page is loading. 2008-07-02 16:14:18 -04:00
Joey Hess 895faed642 toggle: Add support for toggles that are open by default.
Also fix to work in preview mode.
2008-07-02 16:02:01 -04:00
Joey Hess 2ca1e12c5f changelog 2008-06-30 23:38:07 -04:00
Joey Hess 8e43bc0e0f Configure CGI.pm to disable file uploads by default. 2008-06-30 20:01:10 -04:00
Joey Hess 2e42045539 releasing version 2.51 2008-06-29 14:18:33 -04:00
Joey Hess b2eceeb7b9 improve wording 2008-06-28 23:13:42 -04:00
Joey Hess b66f9a1981 call format hooks when generating page previews
* toc: Revert change in 2.45 that made it run at sanitize time. This breaks
  use of toc in a sidebar.
* Call format hooks when generating page previews, thus fixing toc display
  there, as well as fixing inlins to again display in page previews, since
  it's started using format hooks. This also allows several other things,
  like embed, that use format hooks, to work during page preview time.
* Format hooks should not rely on getting an entire html document, as they
  will only get the body during page preview.
* toggle: Deal with preview mode when adding javascript.
2008-06-28 23:08:24 -04:00
Joey Hess 00503f25cd smiley: Generate links relative to the destpage. (Fixes a reversion from 2.41.) 2008-06-28 16:58:43 -04:00
Joey Hess f0df195049 new txt plugin, was previously contrib/plaintext 2008-06-24 20:48:45 -04:00
Joey Hess 50542d15ef Add support for the universal edit button
<http://universaleditbutton.org/>

Not forcing a rebuild on upgrade just for this.
2008-06-21 16:56:47 -04:00
Joey Hess f552d7572f changelog 2008-06-21 16:24:50 -04:00
Joey Hess 98095ccac4 creole: New plugin from Bernd Zeimetz. Closes: #486930 2008-06-19 19:11:18 -04:00
Joey Hess 3a204fabbb Version the suggests of xapian-omega to a version known to be new enough to work with ikiwiki. Reportedly, version 0.9.9 is too old to work. Closes: #486592 2008-06-19 18:58:21 -04:00
Joey Hess bd7edfd9ca textile: The Text::Textile perl module has some regexps that fail if input is flagged as utf-8, but contains invalid characters such as 0x92. To prevent it from crashing, re-encode the content before calling it, which will ensure that it's really utf-8. 2008-06-16 15:43:37 -04:00
Joey Hess 4da54999de meta: Store "description" in pagestate for use by other plugins.
map: Support show=description.
2008-06-15 19:08:50 -04:00
Joey Hess 8f8543389e finish including hnb plugin 2008-06-15 16:27:08 -04:00
Joey Hess 71d984b310 map: Add a "show" parameter. "show=title" can be used to display page titles, rather than the default page name. Based on a patch from Jaldhar H. Vyas, Closes: #484510 2008-06-15 16:11:11 -04:00
Joey Hess 5e6a6b1086 append index.html to url generated by urlto("")
This special case crops up when generating the parentlink to the toplevel
index page. urlto("") had been generating a link to "./" (or "../" etc)
for that, which is fine, if the web server redirects that to the toplevel
index.html. It's less fine if there is no web server.

I actually ran into the problem first when using gopher. (Yes, yes, don't
laugh.. see upcoming tip.) But it also crops up when browsing local wiki
files.

Of course, the index.html is stripped back off if usedirs is enabled.
2008-06-15 15:04:26 -04:00
Joey Hess 00ca6f042e releasing version 2.50 2008-06-13 15:22:56 -04:00
Joey Hess 5807f1de04 fix two build bugs
* ikiwiki-mass-rebuild: Make group list comparison more robust.
* search: Work around xapian bug #486138 by only stemming locales
  in a whitelist.
2008-06-13 13:05:44 -04:00
Joey Hess ecfb14f7d1 Don't generate empty title attributes, etc, and allow setting defaults for class and id too. 2008-06-08 00:02:33 -04:00
Joey Hess f6b47b0d1c img: Support captions. 2008-06-07 23:45:40 -04:00
Joey Hess 77edb81bee releasing version 2.49 2008-06-07 15:26:43 -04:00
Joey Hess e4119f048c The search interface now allows searching for a page by title ("title:foo"), as well as for pages that contain a given link ("link:bar"). 2008-06-04 14:13:21 -04:00
Joey Hess 1dddec0ba9 Pass a destpage parameter to the sanitize hook.
Because the search plugin needed it, also because it's one of the few
plugins that didn't already have it.

I also considered adding it to htmlize, but I really cannot imagine caring
what the destpage is when htmlizing. (I'll probably be poven wrong later.)
2008-06-04 01:24:23 -04:00
Joey Hess 1546b48b97 move indexing to sanitize hook
I think this will give better results overall.

I made %IkiWiki::preprocessing accessible and used it to avoid indexing
at unnecessary points.
2008-06-04 00:58:46 -04:00
Joey Hess fab1333b67 Filter hooks are no longer called during the scan phase. This will prevent wikilinks added by filters from being scanned properly. But no known filter hook does that, and calling filters unncessarily during scan slowed down complex filters such as the one used to update the xapian index. 2008-06-04 00:15:15 -04:00
Joey Hess 8a6a5320ed search: Converted to use xapian-omega.
Everything is done except for the actual indexing. I plan to do incremental
indexing as pages change.
2008-06-03 15:29:54 -04:00
Joey Hess c1289de1ef cve id 2008-05-31 20:16:18 -04:00
Joey Hess 99e5e6dd08 inline: The optimisation in 2.41 broke nested inlines. Detect those and avoid overoptimising. 2008-05-31 15:10:23 -04:00
Joey Hess 0353882a66 ikiwiki-mass-rebuild: Don't trust $! when setting $)
A better fix, just check that what $) returns is what it was asked to set,
and ignore $! entirely.
2008-05-31 14:46:16 -04:00
Joey Hess c00890a2f0 ikiwiki-mass-rebuild: under $! before setting $) to avoid strange errno issue
This fixes a problem sgran saw on alioth. Apparently nss-db sets errno to
ENOENT as a side effect trying to read an optional file, but succeeds
anyway. Then, somehow, errno remains set across the library calls made by
$).

So unset it first as a workaround; there's probably a nss-db, libc, and/or
perl bug underneath.
2008-05-31 14:37:05 -04:00
Joey Hess 0a35e8a352 haiku: Generate valid xhtml. 2008-05-30 19:10:58 -04:00
Joey Hess 8d72885b47 releasing version 2.48 2008-05-30 18:21:27 -04:00
Joey Hess 1715c0399e updated French translation 2008-05-30 18:17:50 -04:00
Joey Hess e943812dc9 hashed password support, and empty password security fix
This implements the previously documented hashed password support.

While implementing that, I noticed a security hole, which this commit
also fixes..
2008-05-30 17:35:34 -04:00
Joey Hess 9d93029f01 teximg: If the log isn't written, avoid ugly error messages. 2008-05-29 19:29:40 -04:00
Joey Hess b0a7b2f3d7 teximg: Fix logurl. 2008-05-29 19:28:46 -04:00
Joey Hess 4152dca09e documentation for use of hashed passwords
Everything but the actual coding to support them.
2008-05-29 15:17:19 -04:00
Joey Hess d5d56a24bd When calling decode_utf8 on known-problimatic content in aggregate, explicitly pass 0 (FB_DEFAULT) as the second parameter. Apparently perl 5.8 needs this to avoid crashing on malformed utf-8, despite its docs saying it is the default. 2008-05-28 15:38:04 -04:00
Joey Hess 6725413516 Add rel=nofollow to edit links. This may prevent some spiders from pounding on the cgi following edit links. 2008-05-28 03:09:04 -04:00
Joey Hess 6b68c6ff72 releasing version 2.47 2008-05-25 14:28:33 -04:00
Joey Hess 5efaed6de6 Avoid unsightly warning message when evaling broken pagespecs.
Also improve error message when a pagespec fails to parse.
2008-05-22 13:11:25 -04:00
Joey Hess f6f25758a8 Perls older than 5.10 need to use the old method of decoding utf-8 in CGI values. Neither method will work for all versions of perl, so check version number at runtime. 2008-05-21 15:30:56 -04:00
Joey Hess 19945b5358 typo 2008-05-15 18:22:01 -04:00
Joey Hess 0438de905b ENV can be used in the setup file to override environment variable setting, such as TZ or PATH. 2008-05-15 18:20:52 -04:00
Joey Hess 0bf5248427 git: Skip over signed-off-by and similar lines in commit messages when generating recentchanges. 2008-05-15 18:03:44 -04:00
Joey Hess 8a888a8fed inline: Display a message if the 'pages' parameter is missing, before it just expanded to nothing. 2008-05-15 17:22:54 -04:00
Joey Hess 833610a5b4 orphans: As a special case, the toplevel index page is never considered an orphaned page. 2008-05-15 16:47:44 -04:00
Joey Hess 2c6f41e59c If PERL5LIB is set to the libdir when building ikiwiki, calculate and hardcode a proper 'use lib' statement anyway. This fixes a gotcha, since PERL5LIB won't work once ikiwiki is running via a wrapper or as a cgi. 2008-05-14 02:42:01 -04:00
Joey Hess fba4a198b5 mdwn: Add a multimarkdown setup file option. 2008-05-13 12:43:25 -04:00
Joey Hess 344b50d783 releasing version 2.46 2008-05-12 20:57:28 -04:00
Joey Hess fb3d5b4800 Fixes for behavior changes in perl 5.10's CGI
Something has changed in CGI.pm in perl 5.10. It used to not care
if STDIN was opened using :utf8, but now it'll mis-encode utf-8 values
when used that way by ikiwiki. Now I have to binmode(STDIN) before
instantiating the CGI object.

In 57bba4dac1, I changed from decoding
CGI::Formbuilder fields to utf-8, to decoding cgi parameters before setting
up the form object. As of perl 5.10, that approach no longer has any effect
(reason unknown). To get correctly encoded values in FormBuilder forms,
they must once again be decoded after the form is set up.

As noted in 57bba4da, this can cause one set of problems for
formbuilder_setup hooks if decode_form_utf8 is called before the hooks, and
a different set if it's called after. To avoid both sets of problems, call
it both before and after. (Only remaining problem is the sheer ugliness and
inefficiency of that..)

I think that these changes will also work with older perl versions, but I
haven't checked.

Also, in the case of the poll plugin, the cgi parameter needs to be
explcitly decoded before it is used to handle utf-8 values. (This may have
always been broken, not sure if it's related to perl 5.10 or not.)
2008-05-12 20:44:22 -04:00
Joey Hess 0850cde5a6 implemented pruning, s3 support now complete-ish 2008-05-07 23:51:25 -04:00
Joey Hess ec866f8370 Optimised file statting code when scanning for modified pages; cut the number of system calls in half. (Still room for improvement.) 2008-05-07 14:11:56 -04:00
Joey Hess b144831e46 pinger/pingee now tested and working 2008-05-06 19:06:53 -04:00
Joey Hess 64f9dfee32 typo 2008-05-05 20:44:18 -04:00
Joey Hess 1f88cad3a2 aggregate: Add support for web-based triggering of aggregation for people stuck on shared hosting without cron. (Sheesh.) Enabled via the `aggregate_webtrigger` configuration optiom. 2008-05-05 20:20:45 -04:00
Joey Hess 545054c356 releasing version 2.45 2008-05-05 15:17:44 -04:00
Joey Hess 3a9dfb8361 enhancesments for shared hosting
* Add a Bundle::Ikiwiki to the source for use with CPAN to install *all*
  the modules ikiwiki can use.
* Add a cpan directory containing a CPAN::MyConfig that can ease use of
  CPAN to install in a home directory on shared hosting providers.
* With these changes, it's pretty easy to install onto nearlyfreespeech.net
  and probably other shared hosting providers like dreamhost. Added
  a tip page documentng the process for nearlyfreespeech.
2008-05-05 14:51:26 -04:00
Joey Hess f06267fc3b git: Put -- before the filename when calling git rev-list to avoid warning message when the file doesn't exist. 2008-05-02 13:03:42 -04:00
Joey Hess b2dea99417 Fix ugly display when editing a page that has vanished.
srcfile now has an optional second parameter to avoid it throwing an error
if the source file does not exist.
2008-05-02 13:02:07 -04:00
Joey Hess 6f852e88e3 anonk: Add anonok_pagespec configuration setting that can be used to allow anonymous users to edit only matching pages. Closes: #478892 2008-05-01 14:58:23 -04:00
Joey Hess bb51e81762 img: Support a title attribute, will be passed through to html. Closes: #478718 2008-04-30 12:58:36 -04:00
Joey Hess 788f83c97d Add missing de.po. Closes: #471540 2008-04-29 16:28:07 -04:00
Joey Hess dbb5d11196 Deal with different paths to perl when removing -T flag. 2008-04-28 15:37:17 -04:00
Joey Hess 9f02ee8634 Add PREFIX/bin to the hardcoded PATH within ikiwiki. 2008-04-28 13:44:37 -04:00
Joey Hess 9652cdfe2e toc: Add the table of contents at sanitize time, rather than at format time. This allows the toc to be displayed when previewing an edit. It also avoids headers in the page template from showing up in the toc. 2008-04-26 15:13:01 -04:00
Joey Hess 7d7f85bbb5 Correct a bug in pagespec matching, where a empty pagespec matched all pages.
This manifested as wikis with no locked pages treating them all as locked.
The bug was introduced in version 2.41.

Medium urgency upload due to above fix.
2008-04-24 13:49:15 -04:00
Joey Hess a46261fec2 Allow libtext-markdown-perl to satisfy dependencies, as a an alternative to the markdown package. 2008-04-21 15:14:39 -04:00
Joey Hess 3912a9f5e9 add CVE link 2008-04-20 15:25:51 -04:00
Joey Hess f1228946bd Bring back the svnrepo setup file option. This is needed for recentchangediff to work with svn repos. 2008-04-17 14:37:55 -04:00
Joey Hess 18cb252e74 releasing version 2.43 2008-04-16 18:44:58 -04:00
Joey Hess 14b59caba3 Recommend a recent git-core for git init. Closes: 475609 2008-04-11 20:06:23 -04:00
Joey Hess 2beb279806 Give the full path to the hyperestraier helpfile in estseek.conf. 2008-04-10 17:50:43 -04:00
Joey Hess b698bf2408 Use bzr --quiet to avoid it outputting stuff and messing up http headers. (Scott Bronson) 2008-04-10 17:44:40 -04:00
Joey Hess e4395a567b Fix broken rcs_update for bzr. (Scott Bronson) 2008-04-10 17:41:43 -04:00
Joey Hess e1d456a86f Fix missing import of escapeHTML in userlink. (Scott Bronson) 2008-04-10 17:39:51 -04:00
Joey Hess 7f51c69491 releasing version 2.42 2008-04-10 17:24:08 -04:00
Joey Hess 72b5ef2c5f Fix CSRF attacks against the preferences and edit forms. Closes: #475445
The fix involved embedding the session id in the forms, and not allowing the
forms to be submitted if the embedded id does not match the session id.

In the case of the preferences form, if the session id is not embedded,
then the CGI parameters are cleared. This avoids a secondary attack where the
link to the preferences form prefills password or other fields, and
the user hits "submit" without noticing these prefilled values.

In the case of the editpage form, the anonok plugin can allow anyone to edit,
and so I chose not to guard against CSRF attacks against users who are not
logged in. Otherwise, it also embeds the session id and checks it.

For page editing, I assume that the user will notice if content or commit
message is changed because of CGI parameters, and won't blndly hit save page.
So I didn't block those CGI paramters. (It's even possible to use those CGI
parameters, for good, not for evil, I guess..)

The only other CSRF attack I can think of in ikiwiki involves the poll plugin.
It's certianly possible to set up a link that causes the user to unknowingly
vote in a poll. However, the poll plugin is not intended to be used for things
that people would want to attack, since anyone can after all edit the poll page
and fill in any values they like. So this "attack" is ignorable.
2008-04-10 16:35:30 -04:00
Joey Hess 04e7467807 need to handle urls to images the same
Also, simplified finding the url to the top of the site.
2008-04-03 16:37:05 -04:00
Joey Hess de8c34df59 aggregate: Correct a mistake in the code that dummy up a guid for feeds lacking one. 2008-04-03 02:36:01 -04:00
Joey Hess 5b8f2742f3 releasing version 2.41 2008-03-29 21:17:15 -04:00
Joey Hess f6bd81db15 Added a hardlink option in the setup file, useful if the source and dest are on the same filesystem and the wiki includes large media files, which would normally be copied, wasting time and space. 2008-03-29 21:02:47 -04:00
Joey Hess d2911a20a6 inline: Allow the "feedshow" parameter to take values greater than the value for "show". 2008-03-23 17:39:03 -04:00