urosm
/
ikiwiki
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
7,511 Commits
1 Branch
0 Tags
26 MiB
Commit Graph

7511 Commits (b21d4d60fbfd090d76e2d1937c4e16f4b5abf5ef)

Author SHA1 Message Date
Joey Hess 570f7e6594 web commit by http://hands.com/~phil/ 2008-04-15 06:39:46 -04:00
Joey Hess 982f969367 web commit by http://hands.com/id/phil/ 2008-04-13 16:54:58 -04:00
Joey Hess 10150e675d web commit by http://sabr.myopenid.com/ 2008-04-13 12:55:51 -04:00
Joey Hess 1efaa8e6ec web commit by http://sabr.myopenid.com/ 2008-04-13 12:55:02 -04:00
Joey Hess c8097457a7 web commit by http://sabr.myopenid.com/ 2008-04-13 12:52:22 -04:00
Joey Hess 9a2dfd21ab web commit by http://sabr.myopenid.com/ 2008-04-13 12:48:28 -04:00
Joey Hess 3f0de75332 web commit by http://sabr.myopenid.com/: add a toc to test it appearing in preview... it doesn't. 2008-04-13 12:21:33 -04:00
Joey Hess 40c03af378 web commit by http://sabr.myopenid.com/ 2008-04-13 12:08:44 -04:00
Joey Hess f4797af297 web commit by http://sabr.myopenid.com/ 2008-04-12 22:53:53 -04:00
Joey Hess 50e06351ca web commit by http://sabr.myopenid.com/ 2008-04-12 22:46:00 -04:00
Joey Hess 78e740f643 web commit by http://sabr.myopenid.com/ 2008-04-12 22:23:55 -04:00
Joey Hess c70160e995 web commit by http://sabr.myopenid.com/ 2008-04-12 22:15:21 -04:00
Joey Hess d97ca8c610 web commit by http://sabr.myopenid.com/ 2008-04-12 20:36:15 -04:00
Joey Hess 378c2696d9 web commit by http://sabr.myopenid.com/ 2008-04-12 20:13:42 -04:00
Joey Hess 7518b245f2 web commit by http://sabr.myopenid.com/ 2008-04-12 20:05:34 -04:00
Joey Hess 060ceaba1f web commit by http://sabr.myopenid.com/ 2008-04-12 20:04:59 -04:00
Joey Hess 4988a901c8 web commit by http://sabr.myopenid.com/ 2008-04-12 20:04:29 -04:00
Joey Hess 7178de28da web commit by tschwinge: Modify. 2008-04-12 18:01:54 -04:00
Joey Hess 461f907403 web commit by http://sabr.myopenid.com/ 2008-04-12 17:57:09 -04:00
Joey Hess 3b7b057e01 patch, thoughts 2008-04-12 17:19:32 -04:00
Joey Hess d17e1d8c9d Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info 2008-04-12 17:12:40 -04:00
Joey Hess 57035d610e web commit by http://sabr.myopenid.com/ 2008-04-12 13:21:11 -04:00
Joey Hess 14b59caba3 Recommend a recent git-core for git init. Closes: 475609 2008-04-11 20:06:23 -04:00
Joey Hess 1f4dec34e2 web commit by cjb: Added wiktionary shortcut 2008-04-10 21:55:25 -04:00
Joey Hess 26c96e1f10 web commit by http://sabr.myopenid.com/ 2008-04-10 20:18:20 -04:00
Joey Hess 2718fc2b25 response 2008-04-10 19:54:38 -04:00
Joey Hess 92e39d7391 cannot reproduce 2008-04-10 19:32:43 -04:00
Joey Hess abde579038 response 2008-04-10 19:25:23 -04:00
Joey Hess 51f75484d7 let's move the access keys discussion out to the todo item about it 2008-04-10 19:18:34 -04:00
Joey Hess d9275303cc correct the command line used to generate the favicon 2008-04-10 18:51:21 -04:00
Joey Hess 58e346d229 correct utf-8 damage introduced by jblevins's modification of this page 2008-04-10 18:00:17 -04:00
Joey Hess 235b6d18b6 change wording 2008-04-10 17:59:11 -04:00
Joey Hess 04d601f419 response 2008-04-10 17:53:24 -04:00
Joey Hess 2beb279806 Give the full path to the hyperestraier helpfile in estseek.conf. 2008-04-10 17:50:43 -04:00
Joey Hess b698bf2408 Use bzr --quiet to avoid it outputting stuff and messing up http headers. (Scott Bronson) 2008-04-10 17:44:40 -04:00
Joey Hess e4395a567b Fix broken rcs_update for bzr. (Scott Bronson) 2008-04-10 17:41:43 -04:00
Joey Hess e1d456a86f Fix missing import of escapeHTML in userlink. (Scott Bronson) 2008-04-10 17:39:51 -04:00
Joey Hess 15237c74fc response 2008-04-10 17:31:39 -04:00
Joey Hess a91f044044 add news item for ikiwiki 2.42 2008-04-10 17:24:24 -04:00
Joey Hess 7f51c69491 releasing version 2.42 2008-04-10 17:24:08 -04:00
Joey Hess d5c964508f Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info 2008-04-10 17:12:55 -04:00
Joey Hess ab0e0e807a perl dumping core is not an ikiwiki bug, sorry 2008-04-10 17:09:58 -04:00
Joey Hess 555f1d0512 web commit by http://joey.kitenet.net/: test 2008-04-10 16:46:23 -04:00
Joey Hess 243739e1c3 Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info 2008-04-10 16:35:50 -04:00
Joey Hess 72b5ef2c5f Fix CSRF attacks against the preferences and edit forms. Closes: #475445 
The fix involved embedding the session id in the forms, and not allowing the
forms to be submitted if the embedded id does not match the session id.

In the case of the preferences form, if the session id is not embedded,
then the CGI parameters are cleared. This avoids a secondary attack where the
link to the preferences form prefills password or other fields, and
the user hits "submit" without noticing these prefilled values.

In the case of the editpage form, the anonok plugin can allow anyone to edit,
and so I chose not to guard against CSRF attacks against users who are not
logged in. Otherwise, it also embeds the session id and checks it.

For page editing, I assume that the user will notice if content or commit
message is changed because of CGI parameters, and won't blndly hit save page.
So I didn't block those CGI paramters. (It's even possible to use those CGI
parameters, for good, not for evil, I guess..)

The only other CSRF attack I can think of in ikiwiki involves the poll plugin.
It's certianly possible to set up a link that causes the user to unknowingly
vote in a poll. However, the poll plugin is not intended to be used for things
that people would want to attack, since anyone can after all edit the poll page
and fill in any values they like. So this "attack" is ignorable.
 2008-04-10 16:35:30 -04:00
Joey Hess 609e74bbd8 fix what I think is a typo 2008-04-10 16:08:59 -04:00
Joey Hess c69c811d64 web commit by http://joey.kitenet.net/: oops :-) 2008-04-10 14:45:00 -04:00
Joey Hess ff363cf9a0 web commit by http://joey.kitenet.net/ 2008-04-10 14:43:58 -04:00
Joey Hess 5647448501 web commit by ScottSwalwell: Fixed my fix. 2008-04-10 13:01:27 -04:00
Joey Hess 7921d9456c web commit by ScottSwalwell: Fixed this link. 2008-04-10 13:00:36 -04:00