Commit Graph

207 Commits (b1b7a2100f6b32ef6bf75e9992e10ed7d28f8525)

Author SHA1 Message Date
Joey Hess 158c6c3ac8 detect sslcookie set and no https
This is likely a misconfiguration and can cause login to fail as the
browser refuses the send the session cookie back over http.

Not entirely happy with putting the check where I did, since users have to
try to log in, and fail, to see the misconfiguration explained. But I could
not find a better place to put the check.
2009-02-26 01:59:05 -05:00
Joey Hess b0361b8efd factor out IE stupididy workaround 2009-01-31 19:02:50 -05:00
Simon McVittie c886bea320 Split cgi_goto into a goto plugin 2009-01-31 23:01:10 +00:00
Simon McVittie 46b880f839 Split apache404 into an independent plugin
Also make it ignore the 'do' parameter at Joey's suggestion, to have one
less thing to remember when configuring.
2009-01-31 22:32:10 +00:00
Simon McVittie dedbe110f2 CGI: pad error responses with 512 bytes of spaces so IE will display them
IE displays its own error responses unless the server's was >= 512 bytes.
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q294807
2009-01-31 18:26:37 +00:00
Simon McVittie 170b86a2ef CGI: set up goto hook so that /ikiwiki.cgi?do=goto can be an Apache ErrorDocument 2009-01-31 18:09:24 +00:00
Simon McVittie 8322b8c9c8 CGI: add cgi_page_from_404(), which remaps a path like $REDIRECT_URL to an IkiWiki page name
Also add a regression test
2009-01-31 18:07:42 +00:00
Simon McVittie 78d1b2340e CGI: if the page is missing, give the "missing page" a 404 status 2009-01-31 16:51:13 +00:00
Simon McVittie 5ce3a01300 CGI: document why commenter and recentchanges_link are supported 2009-01-31 15:05:17 +00:00
Simon McVittie 18f4aeffb1 CGI: if the "do" parameter is goto, recentchanges_link or commenter, redirect to a page
This can replace equivalent functionality in comments and recentchanges.
2009-01-31 14:48:44 +00:00
Simon McVittie c2dafcb4e5 CGI: add cgi_goto(CGI, [page])
This redirects to the given page (or if none is given, the page parameter
given to the CGI), or displays an error with a create link if the page
doesn't exist.
2009-01-31 14:36:23 +00:00
Joey Hess 7ba65e7f4b remove deprecated admin prefs
A new ikiwiki-transition moveprefs subcommand can pull the old data out of
the userdb and inject it into the setup file.

Note that it leaves the old values behind in the userdb too. I did this
because I didn't want to lose data if it fails writing the setup file for
some reason, and the old data in the userdb will only use a small amount of
space. Running the command multiple times will mostly not change anything.
2008-12-24 16:16:03 -05:00
Joey Hess bb93fccf06 Coding style change: Remove explcit vim folding markers. 2008-12-17 15:22:16 -05:00
Joey Hess 985b229be6 checksessionexpiry: rework
This function as factored out was a bit confusing, I think this makes more
sense.
2008-12-17 14:26:08 -05:00
Simon McVittie 9a6005a212 editpage: factor out checksessionexpiry into IkiWiki::CGI 2008-12-11 21:14:03 +00:00
Joey Hess 3e992b758b Fix issue with utf-8 in wikiname breaking session cookies, by entity-encoding the wikiname in the session cookie. 2008-10-19 21:07:12 -04:00
Joey Hess 0f67e7d969 editpage: New core plugin factoring out page editing to allow disabling it if desired. 2008-09-05 13:57:25 -04:00
Joey Hess 2a29641097 Set cookies HttpOnly. 2008-08-28 16:09:58 -04:00
Joey Hess 46b3f54ab6 typo 2008-08-05 19:58:33 -04:00
Joey Hess d3cad5d2ca relocate 2008-08-02 16:41:35 -04:00
Joey Hess 25c35b6e90 banned_users move to setup file, stage 1 2008-08-01 17:39:17 -04:00
Joey Hess 1c9a3cb82b add a rename summary 2008-07-22 20:17:03 -04:00
Joey Hess d76c10cba2 Split out error messages from editpage.tmpl into several separate templates. 2008-07-22 19:58:34 -04:00
Joey Hess e3c0e49774 only htmlize errors when cgi is actually running 2008-07-12 23:23:25 -04:00
Joey Hess 4e1d7d8ff2 fix use ordering
The recent setup revamp exposed some latent bugs in use/package ordering
that caused some symbols to not the exported into the correct scope.
2008-07-11 06:09:34 -04:00
Joey Hess 3879c56e71 Fixes creation of pages when clicking on WikiLinks starting with "/". 2008-07-10 15:36:18 -04:00
Joey Hess 5d26ded381 work around CGI::Session constructor issues
The constructor can fail with a useless error message if module fail to
load. Work around this by evaling it, and checking for failures, and
printing CGI::Session->errstr to get a more useful message.
2008-07-10 13:17:56 -04:00
Joey Hess 05124f9a86 editpage escaping fixes
* The editpage form now uses the raw page name, not the page title, in its
  'page' cgi parameter. Using the title was ambiguous and made it
  impossible to tell between some pages, like "foo/bar" and "foo__47__bar",
  sometimes causing the wrong page to be edited.
* This change means that some edit links need to be updated.
  Force a rebuild on upgrade to this version.
* Above change also allowed really fixing escaped slashes from the blogpost
  form.
2008-07-06 15:52:04 -04:00
Joey Hess 7cd40ea4eb better approach for cgi upload disabling
Make it a config setting, this way subtle load order issues don't come into
play. (As much?)
2008-07-01 13:43:32 -04:00
Joey Hess b4296a4943 simplification 2008-07-01 13:31:03 -04:00
Joey Hess dbab5e9b85 disable cgi uploads earlier
This allows plugins that want to enable uploads to do so by changing the
value of $CGI::DISABLE_UPLOADS at some point before the cgi hook is run.
2008-06-30 21:13:41 -04:00
Joey Hess e1d9747be1 remove unused editpage title
The title was set to editpage, but then always changed.
And some code tested for this. Remove this dead code.
2008-06-30 20:33:39 -04:00
Joey Hess 8e43bc0e0f Configure CGI.pm to disable file uploads by default. 2008-06-30 20:01:10 -04:00
Joey Hess b66f9a1981 call format hooks when generating page previews
* toc: Revert change in 2.45 that made it run at sanitize time. This breaks
  use of toc in a sidebar.
* Call format hooks when generating page previews, thus fixing toc display
  there, as well as fixing inlins to again display in page previews, since
  it's started using format hooks. This also allows several other things,
  like embed, that use format hooks, to work during page preview time.
* Format hooks should not rely on getting an entire html document, as they
  will only get the body during page preview.
* toggle: Deal with preview mode when adding javascript.
2008-06-28 23:08:24 -04:00
Joey Hess 1dddec0ba9 Pass a destpage parameter to the sanitize hook.
Because the search plugin needed it, also because it's one of the few
plugins that didn't already have it.

I also considered adding it to htmlize, but I really cannot imagine caring
what the destpage is when htmlizing. (I'll probably be poven wrong later.)
2008-06-04 01:24:23 -04:00
Joey Hess f6f25758a8 Perls older than 5.10 need to use the old method of decoding utf-8 in CGI values. Neither method will work for all versions of perl, so check version number at runtime. 2008-05-21 15:30:56 -04:00
Joey Hess 9a8a67f078 display an error message if CGI::Session fails to load 2008-05-21 15:15:11 -04:00
Joey Hess fb3d5b4800 Fixes for behavior changes in perl 5.10's CGI
Something has changed in CGI.pm in perl 5.10. It used to not care
if STDIN was opened using :utf8, but now it'll mis-encode utf-8 values
when used that way by ikiwiki. Now I have to binmode(STDIN) before
instantiating the CGI object.

In 57bba4dac1, I changed from decoding
CGI::Formbuilder fields to utf-8, to decoding cgi parameters before setting
up the form object. As of perl 5.10, that approach no longer has any effect
(reason unknown). To get correctly encoded values in FormBuilder forms,
they must once again be decoded after the form is set up.

As noted in 57bba4da, this can cause one set of problems for
formbuilder_setup hooks if decode_form_utf8 is called before the hooks, and
a different set if it's called after. To avoid both sets of problems, call
it both before and after. (Only remaining problem is the sheer ugliness and
inefficiency of that..)

I think that these changes will also work with older perl versions, but I
haven't checked.

Also, in the case of the poll plugin, the cgi parameter needs to be
explcitly decoded before it is used to handle utf-8 values. (This may have
always been broken, not sure if it's related to perl 5.10 or not.)
2008-05-12 20:44:22 -04:00
Joey Hess b2dea99417 Fix ugly display when editing a page that has vanished.
srcfile now has an optional second parameter to avoid it throwing an error
if the source file does not exist.
2008-05-02 13:02:07 -04:00
Joey Hess 72b5ef2c5f Fix CSRF attacks against the preferences and edit forms. Closes: #475445
The fix involved embedding the session id in the forms, and not allowing the
forms to be submitted if the embedded id does not match the session id.

In the case of the preferences form, if the session id is not embedded,
then the CGI parameters are cleared. This avoids a secondary attack where the
link to the preferences form prefills password or other fields, and
the user hits "submit" without noticing these prefilled values.

In the case of the editpage form, the anonok plugin can allow anyone to edit,
and so I chose not to guard against CSRF attacks against users who are not
logged in. Otherwise, it also embeds the session id and checks it.

For page editing, I assume that the user will notice if content or commit
message is changed because of CGI parameters, and won't blndly hit save page.
So I didn't block those CGI paramters. (It's even possible to use those CGI
parameters, for good, not for evil, I guess..)

The only other CSRF attack I can think of in ikiwiki involves the poll plugin.
It's certianly possible to set up a link that causes the user to unknowingly
vote in a poll. However, the poll plugin is not intended to be used for things
that people would want to attack, since anyone can after all edit the poll page
and fill in any values they like. So this "attack" is ignorable.
2008-04-10 16:35:30 -04:00
Joey Hess 52e16d4ec9 * Record new pages in %pagesources temporarily when previewing so that
things that need to know the page source or type can query it from there.
  Fixes previewing of tables when creating a new page.
2008-03-17 21:28:31 -04:00
Joey Hess f7bdc2385d * Use forcebaseurl to make page previews be displayed with the html base
set to the destination page. This avoids need for hacks to munge the urls
  in preview mode, which fixes several bugs.
* Several destpage fixes in plugins.
2008-03-12 14:21:48 -04:00
Joey Hess bd55d276b3 Fix links generated by preprocessor directives when previewing.
As was already done for linkfication, links generated in a prevew page
are relative to the top of the wiki, so it has to be told that the destpage
is there.

I was using "" to indicate this, but that may confuse some preprocessor
plugins, which treat parameters with an empry value specially (sparkline is one
such). Instead, use "/", which is more accurate anyway and works just as well.
2008-02-24 16:37:11 -05:00
Joey Hess 553136ec1f * Preview limits the page dropdown to what's selected previously
(as preserving the full list across preview would be tricky). Userdirs
  were still being offered as an option there, remove them.
* Fix a bug where user A created a page concurrently with user B, and
  when B previewed it would redirect B to A's new page, losing B's work.
  Instead, don't redirect and let conflict handling resolve it.
2008-02-14 15:42:14 -05:00
Joey Hess a3f224cb6c move saveindex call into preview block
This call is only present to handle the case where previewing a page
actually causes files to be rendered.
2008-02-03 19:51:00 -05:00
Joey Hess 408419ca3e remove another commit mail mention 2008-02-03 19:47:01 -05:00
Joey Hess 80915c830a * cgi hooks are now run before ikiwiki state is loaded.
* This allows locking the wiki before loading state, which avoids some
  tricky locking code when saving a web edit.
2008-02-03 00:23:04 -05:00
Joey Hess 21f44880cd non-tabular recentchanges display
Doesn't look as good as the old table, but works as a rss feed.
2008-01-29 01:48:55 -05:00
Joey Hess d7fdd04b5a * Removed support for sending commit notification mails. Along with it went
the svnrepo and notify settings, though both will be ignored if left in
  setup files.
2008-01-29 00:36:58 -05:00
Joey Hess 0d2894711c support for internal-use page types
If a page type starts with an underscore, hide it from the list of page types
in the edit form, and don't allow editing pages of that type. This allows
for plugins to add page types for internal use.
2008-01-28 23:08:48 -05:00