Commit Graph

1044 Commits (c522fffe09eea30a97213af1ecddfe6833d131e7)

Author SHA1 Message Date
Joey Hess a78a981792 attachment location
Put the attachment in a subdir of the page it's attached to,
unless that page is an "index" page.
2008-07-01 13:31:09 -04:00
Joey Hess b4296a4943 simplification 2008-07-01 13:31:03 -04:00
Joey Hess de6ed410bc reorder
canedit should fail first as it's a less expensive and harder to pass test
2008-07-01 13:22:11 -04:00
Joey Hess dbf23748dd call check_canedit
Needed to prevent uploads of locked pages as attachments.
2008-07-01 13:20:42 -04:00
Joey Hess cec45b69da bugfix; support pagetype of "0" 2008-07-01 00:43:19 -04:00
Joey Hess 4fa115fdb5 copy the attachment into srcdir 2008-07-01 00:42:42 -04:00
Joey Hess 0f8ea7ecca break out fast_file_copy 2008-07-01 00:42:23 -04:00
Joey Hess 49514f39f6 fix some messages 2008-06-30 23:32:08 -04:00
Joey Hess b01ee9b3b3 add an ispage limit 2008-06-30 23:17:01 -04:00
Joey Hess 622033f5d6 minor improvements 2008-06-30 23:04:37 -04:00
Joey Hess 0a37c45f32 basic attachment plugin, unfinished
Currently includes UI, and a few tests of the attachment, as well as the
framework to extend pagespecs to test attachments. Does not actually save
the file yet.
2008-06-30 22:58:33 -04:00
Joey Hess dbab5e9b85 disable cgi uploads earlier
This allows plugins that want to enable uploads to do so by changing the
value of $CGI::DISABLE_UPLOADS at some point before the cgi hook is run.
2008-06-30 21:13:41 -04:00
Joey Hess e1d9747be1 remove unused editpage title
The title was set to editpage, but then always changed.
And some code tested for this. Remove this dead code.
2008-06-30 20:33:39 -04:00
Joey Hess 8e43bc0e0f Configure CGI.pm to disable file uploads by default. 2008-06-30 20:01:10 -04:00
Joey Hess b66f9a1981 call format hooks when generating page previews
* toc: Revert change in 2.45 that made it run at sanitize time. This breaks
  use of toc in a sidebar.
* Call format hooks when generating page previews, thus fixing toc display
  there, as well as fixing inlins to again display in page previews, since
  it's started using format hooks. This also allows several other things,
  like embed, that use format hooks, to work during page preview time.
* Format hooks should not rely on getting an entire html document, as they
  will only get the body during page preview.
* toggle: Deal with preview mode when adding javascript.
2008-06-28 23:08:24 -04:00
Joey Hess 00503f25cd smiley: Generate links relative to the destpage. (Fixes a reversion from 2.41.) 2008-06-28 16:58:43 -04:00
Joey Hess 17a09ef88e pagesources might not be populated 2008-06-24 20:47:15 -04:00
Joey Hess 7fbbcc1615 only convert urls if the module is installed 2008-06-24 20:38:41 -04:00
Joey Hess a4d693f659 formatting 2008-06-24 20:35:21 -04:00
Joey Hess 532d4b0d5f rename to txt 2008-06-24 20:33:41 -04:00
Joey Hess 3f6d3f3be8 initial version 2008-06-24 20:33:03 -04:00
Bernd Zeimetz 4a9567595a Disable handling of "bare" links by the creole plugin.
This change needs libtext-wikicreole-perl (>= 0.05-2).
Also removing custom link function, there's no need for it -
if it is not defined, the unmodified markup will be returned.
2008-06-24 16:52:23 -04:00
Bernd Zeimetz b16c43a440 `template` option for aggregate.pm.
Allows to specify the template file which is used to
create the html pages.
2008-06-21 16:23:39 -04:00
Joey Hess 1b6b4da3a3 avoid creole parsing wikilinks
ikiwiki already does, and escaped links should not be processed by creole
after ikiwiki de-escapes them
2008-06-19 19:54:46 -04:00
Joey Hess 98095ccac4 creole: New plugin from Bernd Zeimetz. Closes: #486930 2008-06-19 19:11:18 -04:00
Joey Hess bd7edfd9ca textile: The Text::Textile perl module has some regexps that fail if input is flagged as utf-8, but contains invalid characters such as 0x92. To prevent it from crashing, re-encode the content before calling it, which will ensure that it's really utf-8. 2008-06-16 15:43:37 -04:00
Joey Hess 4da54999de meta: Store "description" in pagestate for use by other plugins.
map: Support show=description.
2008-06-15 19:08:50 -04:00
Joey Hess ebb2b9cbda bugfixes for show=title
Can't sort by titles; the tree building logic requires that the list be
sorted by page name.

Setting linktext => $page is not the same as omitting it entirely. So some
contortions to only set linktext when the page name is not being shown.
2008-06-15 19:08:24 -04:00
Joey Hess ce029bfe04 check that parent hash exists, to avoid creating it 2008-06-15 18:10:47 -04:00
Joey Hess 069b10cc6a note about titles and dependencies 2008-06-15 18:09:46 -04:00
Joey Hess 78a7f6938f style changes
Reindented, moved a TODO from page to code, trimmed some unnecessary
comments, and simplified the use of mkstemp.
2008-06-15 16:26:15 -04:00
Joey Hess a7a1d00e1c initial add 2008-06-15 16:25:18 -04:00
Joey Hess 71d984b310 map: Add a "show" parameter. "show=title" can be used to display page titles, rather than the default page name. Based on a patch from Jaldhar H. Vyas, Closes: #484510 2008-06-15 16:11:11 -04:00
Joey Hess 5807f1de04 fix two build bugs
* ikiwiki-mass-rebuild: Make group list comparison more robust.
* search: Work around xapian bug #486138 by only stemming locales
  in a whitelist.
2008-06-13 13:05:44 -04:00
Joey Hess ecfb14f7d1 Don't generate empty title attributes, etc, and allow setting defaults for class and id too. 2008-06-08 00:02:33 -04:00
Joey Hess f6b47b0d1c img: Support captions. 2008-06-07 23:45:40 -04:00
Joey Hess 3215b5a982 finishing touches on the new search plugin
- Add a Help link.
- If the pageterm is too long, hash it.
2008-06-04 15:24:28 -04:00
Joey Hess a3d8f4904e set rebuild before loading plugins
This fixes a recent minor reversion caused by loading plugins earlier than
the messages are printed. Some plugins might check if rebuild is set.
2008-06-04 15:22:41 -04:00
Joey Hess ea5da19189 fix uninitialized value problem
This occurred when a plugin, loaded earlier, filled out a template in its
checkconfig, before recentchanges's checkconfig had run. Since such a
template won't be a recentchanges template, just test for the value being
uninitialized and skip processing.
2008-06-04 15:00:24 -04:00
Joey Hess e4119f048c The search interface now allows searching for a page by title ("title:foo"), as well as for pages that contain a given link ("link:bar"). 2008-06-04 14:13:21 -04:00
Joey Hess 319e2c94de it's not $title, try the other variable 2008-06-04 13:41:15 -04:00
Joey Hess 295e958da5 don't use meta title
Using the title obscured path info, and made search results look
inconsistent. Since nothing else uses the title like that, it didn't make
sense for search to.
2008-06-04 13:12:10 -04:00
Joey Hess bf9829352b have the xapian stemmer use a language based on LANG 2008-06-04 02:41:02 -04:00
Joey Hess 27376abb3c also decode html entities in the title 2008-06-04 01:50:51 -04:00
Joey Hess 4a51e384eb decode html entities 2008-06-04 01:34:26 -04:00
Joey Hess 9976c31aca fix clearing index on page deletion 2008-06-04 01:28:35 -04:00
Joey Hess 1dddec0ba9 Pass a destpage parameter to the sanitize hook.
Because the search plugin needed it, also because it's one of the few
plugins that didn't already have it.

I also considered adding it to htmlize, but I really cannot imagine caring
what the destpage is when htmlizing. (I'll probably be poven wrong later.)
2008-06-04 01:24:23 -04:00
Joey Hess 1546b48b97 move indexing to sanitize hook
I think this will give better results overall.

I made %IkiWiki::preprocessing accessible and used it to avoid indexing
at unnecessary points.
2008-06-04 00:58:46 -04:00
Joey Hess ce826411b2 more search improvements 2008-06-04 00:38:40 -04:00
Joey Hess aefe5dd9cb more substr fixes 2008-06-04 00:25:56 -04:00
Joey Hess fab1333b67 Filter hooks are no longer called during the scan phase. This will prevent wikilinks added by filters from being scanned properly. But no known filter hook does that, and calling filters unncessarily during scan slowed down complex filters such as the one used to update the xapian index. 2008-06-04 00:15:15 -04:00
Joey Hess 53b188ed35 add a colon to disambiguate
The omega docs suggest doing this if the term may contain upper case, which
it could here.
2008-06-03 23:59:25 -04:00
Joey Hess 9c717d0873 avoid warning
"substr outside of string"
2008-06-03 23:58:19 -04:00
Joey Hess 7fc29119db use "U" term
this seems to be the thing to use for a unique id
2008-06-03 23:56:45 -04:00
Joey Hess 3ba723d79a don't loop forever 2008-06-03 23:55:00 -04:00
Joey Hess 6b7d90d88a fixed most of the xapian todos 2008-06-03 23:52:56 -04:00
Joey Hess 18b0aa1f13 prettify page names, and drop the redunadant url display 2008-06-03 22:11:33 -04:00
Joey Hess 02357b0b32 fix toindex 2008-06-03 21:59:21 -04:00
Joey Hess 44fde6cbff first pass at doing xapian indexing
Still some TODOs to fill in.
2008-06-03 21:14:56 -04:00
Joey Hess 8a6a5320ed search: Converted to use xapian-omega.
Everything is done except for the actual indexing. I plan to do incremental
indexing as pages change.
2008-06-03 15:29:54 -04:00
Joey Hess 99e5e6dd08 inline: The optimisation in 2.41 broke nested inlines. Detect those and avoid overoptimising. 2008-05-31 15:10:23 -04:00
Joey Hess 0a35e8a352 haiku: Generate valid xhtml. 2008-05-30 19:10:58 -04:00
Joey Hess e943812dc9 hashed password support, and empty password security fix
This implements the previously documented hashed password support.

While implementing that, I noticed a security hole, which this commit
also fixes..
2008-05-30 17:35:34 -04:00
Joey Hess 9d93029f01 teximg: If the log isn't written, avoid ugly error messages. 2008-05-29 19:29:40 -04:00
Joey Hess b0a7b2f3d7 teximg: Fix logurl. 2008-05-29 19:28:46 -04:00
Joey Hess d5d56a24bd When calling decode_utf8 on known-problimatic content in aggregate, explicitly pass 0 (FB_DEFAULT) as the second parameter. Apparently perl 5.8 needs this to avoid crashing on malformed utf-8, despite its docs saying it is the default. 2008-05-28 15:38:04 -04:00
Thomas Schwinge 1e16ab178d Avoid ``uninitialized value'' warning when there actually is no difference between the two versions. 2008-05-25 14:25:34 -04:00
Joey Hess f6f25758a8 Perls older than 5.10 need to use the old method of decoding utf-8 in CGI values. Neither method will work for all versions of perl, so check version number at runtime. 2008-05-21 15:30:56 -04:00
Joey Hess 9a8a67f078 display an error message if CGI::Session fails to load 2008-05-21 15:15:11 -04:00
Joey Hess 0bf5248427 git: Skip over signed-off-by and similar lines in commit messages when generating recentchanges. 2008-05-15 18:03:44 -04:00
Joey Hess 8a888a8fed inline: Display a message if the 'pages' parameter is missing, before it just expanded to nothing. 2008-05-15 17:22:54 -04:00
Joey Hess 833610a5b4 orphans: As a special case, the toplevel index page is never considered an orphaned page. 2008-05-15 16:47:44 -04:00
Joey Hess fba4a198b5 mdwn: Add a multimarkdown setup file option. 2008-05-13 12:43:25 -04:00
Joey Hess fb3d5b4800 Fixes for behavior changes in perl 5.10's CGI
Something has changed in CGI.pm in perl 5.10. It used to not care
if STDIN was opened using :utf8, but now it'll mis-encode utf-8 values
when used that way by ikiwiki. Now I have to binmode(STDIN) before
instantiating the CGI object.

In 57bba4dac1, I changed from decoding
CGI::Formbuilder fields to utf-8, to decoding cgi parameters before setting
up the form object. As of perl 5.10, that approach no longer has any effect
(reason unknown). To get correctly encoded values in FormBuilder forms,
they must once again be decoded after the form is set up.

As noted in 57bba4da, this can cause one set of problems for
formbuilder_setup hooks if decode_form_utf8 is called before the hooks, and
a different set if it's called after. To avoid both sets of problems, call
it both before and after. (Only remaining problem is the sheer ugliness and
inefficiency of that..)

I think that these changes will also work with older perl versions, but I
haven't checked.

Also, in the case of the poll plugin, the cgi parameter needs to be
explcitly decoded before it is used to handle utf-8 values. (This may have
always been broken, not sure if it's related to perl 5.10 or not.)
2008-05-12 20:44:22 -04:00
Joey Hess 489a6fc8bf paste-o 2008-05-08 16:12:09 -04:00
Joey Hess a50fb83394 add --delete-bucket option 2008-05-08 16:11:39 -04:00
Joey Hess b7950d8d01 load plugins before printing messages
This allows plugins to getopt and change what is done before an incorrect
line is printed.
2008-05-08 16:08:02 -04:00
Joey Hess b8d81b7b7f amazon s3 index file improvements
Turns out duplicate index files do not need to be stored when usedirs is in
use, just when it's not. Ikiwiki is quite consistent about using page/ when
usedirs is in use. (The only exception is the search plugin, which needs
fixing.)

This also includes significant code cleanup, removal of a incorrect special
case for empty files, and addition of a workaround for a bug in the amazon
perl module.
2008-05-08 15:51:09 -04:00
Joey Hess 8861af53db simplify key determination code 2008-05-08 13:00:05 -04:00
Joey Hess 71c6cddcb0 remove debugging 2008-05-07 23:58:01 -04:00
Joey Hess 0850cde5a6 implemented pruning, s3 support now complete-ish 2008-05-07 23:51:25 -04:00
Joey Hess db30d61f59 forgot to add.. 2008-05-07 23:39:52 -04:00
Joey Hess 9e6a4ccfdd amazon s3 support implemented and kinda working
pruning not yet implemented, however
2008-05-07 23:15:43 -04:00
Joey Hess ec866f8370 Optimised file statting code when scanning for modified pages; cut the number of system calls in half. (Still room for improvement.) 2008-05-07 14:11:56 -04:00
Joey Hess b144831e46 pinger/pingee now tested and working 2008-05-06 19:06:53 -04:00
Joey Hess 457de90f5f POSIX::setsid is not exported per default 2008-05-06 18:41:56 -04:00
Joey Hess 1f88cad3a2 aggregate: Add support for web-based triggering of aggregation for people stuck on shared hosting without cron. (Sheesh.) Enabled via the `aggregate_webtrigger` configuration optiom. 2008-05-05 20:20:45 -04:00
Joey Hess f06267fc3b git: Put -- before the filename when calling git rev-list to avoid warning message when the file doesn't exist. 2008-05-02 13:03:42 -04:00
Joey Hess b2dea99417 Fix ugly display when editing a page that has vanished.
srcfile now has an optional second parameter to avoid it throwing an error
if the source file does not exist.
2008-05-02 13:02:07 -04:00
Joey Hess 9fca7f2f8b avoid uninitialised value 2008-05-02 13:01:51 -04:00
Joey Hess 6f852e88e3 anonk: Add anonok_pagespec configuration setting that can be used to allow anonymous users to edit only matching pages. Closes: #478892 2008-05-01 14:58:23 -04:00
Joey Hess bb51e81762 img: Support a title attribute, will be passed through to html. Closes: #478718 2008-04-30 12:58:36 -04:00
Joey Hess 9652cdfe2e toc: Add the table of contents at sanitize time, rather than at format time. This allows the toc to be displayed when previewing an edit. It also avoids headers in the page template from showing up in the toc. 2008-04-26 15:13:01 -04:00
Joey Hess b698bf2408 Use bzr --quiet to avoid it outputting stuff and messing up http headers. (Scott Bronson) 2008-04-10 17:44:40 -04:00
Joey Hess e4395a567b Fix broken rcs_update for bzr. (Scott Bronson) 2008-04-10 17:41:43 -04:00
Joey Hess 72b5ef2c5f Fix CSRF attacks against the preferences and edit forms. Closes: #475445
The fix involved embedding the session id in the forms, and not allowing the
forms to be submitted if the embedded id does not match the session id.

In the case of the preferences form, if the session id is not embedded,
then the CGI parameters are cleared. This avoids a secondary attack where the
link to the preferences form prefills password or other fields, and
the user hits "submit" without noticing these prefilled values.

In the case of the editpage form, the anonok plugin can allow anyone to edit,
and so I chose not to guard against CSRF attacks against users who are not
logged in. Otherwise, it also embeds the session id and checks it.

For page editing, I assume that the user will notice if content or commit
message is changed because of CGI parameters, and won't blndly hit save page.
So I didn't block those CGI paramters. (It's even possible to use those CGI
parameters, for good, not for evil, I guess..)

The only other CSRF attack I can think of in ikiwiki involves the poll plugin.
It's certianly possible to set up a link that causes the user to unknowingly
vote in a poll. However, the poll plugin is not intended to be used for things
that people would want to attack, since anyone can after all edit the poll page
and fill in any values they like. So this "attack" is ignorable.
2008-04-10 16:35:30 -04:00
Joey Hess 04e7467807 need to handle urls to images the same
Also, simplified finding the url to the top of the site.
2008-04-03 16:37:05 -04:00
Manoj Srivastava c207086282 Bug#473987: [PATCH] Links relative to baseurl mangled in atom/rss feeds
tag 473987 +patch
thanks
Hi,

The issue is that we need to convert relative links to absolute
ones for atom and rss feeds -- but there are two types of
relative links. The first kind, relative to the current
document ( href="some/path") is handled correctly. The second
kind of relative url is is relative to the http server
base (href="/semi-abs/path"), and that broke.

It broke because we just prepended the url of the current
document to the href (http://host/path/to/this-doc/ + link),
which gave us, in the first place:
 http://host/path/to/this-doc/some/path        [correct], and
 http://host/path/to/this-doc//semi-abs/path   [wrong]

The fix is to calculate the base for the http server (the base of
the wiki does not help, since the base of the wiki can be
different from the base of the http server -- I have, for example,
"url => http://host.name.mine/blog/manoj/"), and prepend that to
the relative references that start with a /.

This has been tested.

Signed-off-by: Manoj Srivastava <srivasta@debian.org>
2008-04-03 16:27:29 -04:00
Joey Hess de8c34df59 aggregate: Correct a mistake in the code that dummy up a guid for feeds lacking one. 2008-04-03 02:36:01 -04:00
Joey Hess f6bd81db15 Added a hardlink option in the setup file, useful if the source and dest are on the same filesystem and the wiki includes large media files, which would normally be copied, wasting time and space. 2008-03-29 21:02:47 -04:00