Commit Graph

1044 Commits (c522fffe09eea30a97213af1ecddfe6833d131e7)

Author SHA1 Message Date
Joey Hess fab1333b67 Filter hooks are no longer called during the scan phase. This will prevent wikilinks added by filters from being scanned properly. But no known filter hook does that, and calling filters unncessarily during scan slowed down complex filters such as the one used to update the xapian index. 2008-06-04 00:15:15 -04:00
Joey Hess 53b188ed35 add a colon to disambiguate
The omega docs suggest doing this if the term may contain upper case, which
it could here.
2008-06-03 23:59:25 -04:00
Joey Hess 9c717d0873 avoid warning
"substr outside of string"
2008-06-03 23:58:19 -04:00
Joey Hess 7fc29119db use "U" term
this seems to be the thing to use for a unique id
2008-06-03 23:56:45 -04:00
Joey Hess 3ba723d79a don't loop forever 2008-06-03 23:55:00 -04:00
Joey Hess 6b7d90d88a fixed most of the xapian todos 2008-06-03 23:52:56 -04:00
Joey Hess 18b0aa1f13 prettify page names, and drop the redunadant url display 2008-06-03 22:11:33 -04:00
Joey Hess 02357b0b32 fix toindex 2008-06-03 21:59:21 -04:00
Joey Hess 44fde6cbff first pass at doing xapian indexing
Still some TODOs to fill in.
2008-06-03 21:14:56 -04:00
Joey Hess 8a6a5320ed search: Converted to use xapian-omega.
Everything is done except for the actual indexing. I plan to do incremental
indexing as pages change.
2008-06-03 15:29:54 -04:00
Joey Hess 99e5e6dd08 inline: The optimisation in 2.41 broke nested inlines. Detect those and avoid overoptimising. 2008-05-31 15:10:23 -04:00
Joey Hess 0a35e8a352 haiku: Generate valid xhtml. 2008-05-30 19:10:58 -04:00
Joey Hess e943812dc9 hashed password support, and empty password security fix
This implements the previously documented hashed password support.

While implementing that, I noticed a security hole, which this commit
also fixes..
2008-05-30 17:35:34 -04:00
Joey Hess 9d93029f01 teximg: If the log isn't written, avoid ugly error messages. 2008-05-29 19:29:40 -04:00
Joey Hess b0a7b2f3d7 teximg: Fix logurl. 2008-05-29 19:28:46 -04:00
Joey Hess d5d56a24bd When calling decode_utf8 on known-problimatic content in aggregate, explicitly pass 0 (FB_DEFAULT) as the second parameter. Apparently perl 5.8 needs this to avoid crashing on malformed utf-8, despite its docs saying it is the default. 2008-05-28 15:38:04 -04:00
Thomas Schwinge 1e16ab178d Avoid ``uninitialized value'' warning when there actually is no difference between the two versions. 2008-05-25 14:25:34 -04:00
Joey Hess f6f25758a8 Perls older than 5.10 need to use the old method of decoding utf-8 in CGI values. Neither method will work for all versions of perl, so check version number at runtime. 2008-05-21 15:30:56 -04:00
Joey Hess 9a8a67f078 display an error message if CGI::Session fails to load 2008-05-21 15:15:11 -04:00
Joey Hess 0bf5248427 git: Skip over signed-off-by and similar lines in commit messages when generating recentchanges. 2008-05-15 18:03:44 -04:00
Joey Hess 8a888a8fed inline: Display a message if the 'pages' parameter is missing, before it just expanded to nothing. 2008-05-15 17:22:54 -04:00
Joey Hess 833610a5b4 orphans: As a special case, the toplevel index page is never considered an orphaned page. 2008-05-15 16:47:44 -04:00
Joey Hess fba4a198b5 mdwn: Add a multimarkdown setup file option. 2008-05-13 12:43:25 -04:00
Joey Hess fb3d5b4800 Fixes for behavior changes in perl 5.10's CGI
Something has changed in CGI.pm in perl 5.10. It used to not care
if STDIN was opened using :utf8, but now it'll mis-encode utf-8 values
when used that way by ikiwiki. Now I have to binmode(STDIN) before
instantiating the CGI object.

In 57bba4dac1, I changed from decoding
CGI::Formbuilder fields to utf-8, to decoding cgi parameters before setting
up the form object. As of perl 5.10, that approach no longer has any effect
(reason unknown). To get correctly encoded values in FormBuilder forms,
they must once again be decoded after the form is set up.

As noted in 57bba4da, this can cause one set of problems for
formbuilder_setup hooks if decode_form_utf8 is called before the hooks, and
a different set if it's called after. To avoid both sets of problems, call
it both before and after. (Only remaining problem is the sheer ugliness and
inefficiency of that..)

I think that these changes will also work with older perl versions, but I
haven't checked.

Also, in the case of the poll plugin, the cgi parameter needs to be
explcitly decoded before it is used to handle utf-8 values. (This may have
always been broken, not sure if it's related to perl 5.10 or not.)
2008-05-12 20:44:22 -04:00
Joey Hess 489a6fc8bf paste-o 2008-05-08 16:12:09 -04:00
Joey Hess a50fb83394 add --delete-bucket option 2008-05-08 16:11:39 -04:00
Joey Hess b7950d8d01 load plugins before printing messages
This allows plugins to getopt and change what is done before an incorrect
line is printed.
2008-05-08 16:08:02 -04:00
Joey Hess b8d81b7b7f amazon s3 index file improvements
Turns out duplicate index files do not need to be stored when usedirs is in
use, just when it's not. Ikiwiki is quite consistent about using page/ when
usedirs is in use. (The only exception is the search plugin, which needs
fixing.)

This also includes significant code cleanup, removal of a incorrect special
case for empty files, and addition of a workaround for a bug in the amazon
perl module.
2008-05-08 15:51:09 -04:00
Joey Hess 8861af53db simplify key determination code 2008-05-08 13:00:05 -04:00
Joey Hess 71c6cddcb0 remove debugging 2008-05-07 23:58:01 -04:00
Joey Hess 0850cde5a6 implemented pruning, s3 support now complete-ish 2008-05-07 23:51:25 -04:00
Joey Hess db30d61f59 forgot to add.. 2008-05-07 23:39:52 -04:00
Joey Hess 9e6a4ccfdd amazon s3 support implemented and kinda working
pruning not yet implemented, however
2008-05-07 23:15:43 -04:00
Joey Hess ec866f8370 Optimised file statting code when scanning for modified pages; cut the number of system calls in half. (Still room for improvement.) 2008-05-07 14:11:56 -04:00
Joey Hess b144831e46 pinger/pingee now tested and working 2008-05-06 19:06:53 -04:00
Joey Hess 457de90f5f POSIX::setsid is not exported per default 2008-05-06 18:41:56 -04:00
Joey Hess 1f88cad3a2 aggregate: Add support for web-based triggering of aggregation for people stuck on shared hosting without cron. (Sheesh.) Enabled via the `aggregate_webtrigger` configuration optiom. 2008-05-05 20:20:45 -04:00
Joey Hess f06267fc3b git: Put -- before the filename when calling git rev-list to avoid warning message when the file doesn't exist. 2008-05-02 13:03:42 -04:00
Joey Hess b2dea99417 Fix ugly display when editing a page that has vanished.
srcfile now has an optional second parameter to avoid it throwing an error
if the source file does not exist.
2008-05-02 13:02:07 -04:00
Joey Hess 9fca7f2f8b avoid uninitialised value 2008-05-02 13:01:51 -04:00
Joey Hess 6f852e88e3 anonk: Add anonok_pagespec configuration setting that can be used to allow anonymous users to edit only matching pages. Closes: #478892 2008-05-01 14:58:23 -04:00
Joey Hess bb51e81762 img: Support a title attribute, will be passed through to html. Closes: #478718 2008-04-30 12:58:36 -04:00
Joey Hess 9652cdfe2e toc: Add the table of contents at sanitize time, rather than at format time. This allows the toc to be displayed when previewing an edit. It also avoids headers in the page template from showing up in the toc. 2008-04-26 15:13:01 -04:00
Joey Hess b698bf2408 Use bzr --quiet to avoid it outputting stuff and messing up http headers. (Scott Bronson) 2008-04-10 17:44:40 -04:00
Joey Hess e4395a567b Fix broken rcs_update for bzr. (Scott Bronson) 2008-04-10 17:41:43 -04:00
Joey Hess 72b5ef2c5f Fix CSRF attacks against the preferences and edit forms. Closes: #475445
The fix involved embedding the session id in the forms, and not allowing the
forms to be submitted if the embedded id does not match the session id.

In the case of the preferences form, if the session id is not embedded,
then the CGI parameters are cleared. This avoids a secondary attack where the
link to the preferences form prefills password or other fields, and
the user hits "submit" without noticing these prefilled values.

In the case of the editpage form, the anonok plugin can allow anyone to edit,
and so I chose not to guard against CSRF attacks against users who are not
logged in. Otherwise, it also embeds the session id and checks it.

For page editing, I assume that the user will notice if content or commit
message is changed because of CGI parameters, and won't blndly hit save page.
So I didn't block those CGI paramters. (It's even possible to use those CGI
parameters, for good, not for evil, I guess..)

The only other CSRF attack I can think of in ikiwiki involves the poll plugin.
It's certianly possible to set up a link that causes the user to unknowingly
vote in a poll. However, the poll plugin is not intended to be used for things
that people would want to attack, since anyone can after all edit the poll page
and fill in any values they like. So this "attack" is ignorable.
2008-04-10 16:35:30 -04:00
Joey Hess 04e7467807 need to handle urls to images the same
Also, simplified finding the url to the top of the site.
2008-04-03 16:37:05 -04:00
Manoj Srivastava c207086282 Bug#473987: [PATCH] Links relative to baseurl mangled in atom/rss feeds
tag 473987 +patch
thanks
Hi,

The issue is that we need to convert relative links to absolute
ones for atom and rss feeds -- but there are two types of
relative links. The first kind, relative to the current
document ( href="some/path") is handled correctly. The second
kind of relative url is is relative to the http server
base (href="/semi-abs/path"), and that broke.

It broke because we just prepended the url of the current
document to the href (http://host/path/to/this-doc/ + link),
which gave us, in the first place:
 http://host/path/to/this-doc/some/path        [correct], and
 http://host/path/to/this-doc//semi-abs/path   [wrong]

The fix is to calculate the base for the http server (the base of
the wiki does not help, since the base of the wiki can be
different from the base of the http server -- I have, for example,
"url => http://host.name.mine/blog/manoj/"), and prepend that to
the relative references that start with a /.

This has been tested.

Signed-off-by: Manoj Srivastava <srivasta@debian.org>
2008-04-03 16:27:29 -04:00
Joey Hess de8c34df59 aggregate: Correct a mistake in the code that dummy up a guid for feeds lacking one. 2008-04-03 02:36:01 -04:00
Joey Hess f6bd81db15 Added a hardlink option in the setup file, useful if the source and dest are on the same filesystem and the wiki includes large media files, which would normally be copied, wasting time and space. 2008-03-29 21:02:47 -04:00
Joey Hess cb8d1c8642 revert destpage part of f7bdc2385
destpage does not normally need to be worried about when creating other files
as part of the process of rendering a page. Using destpage results in
inlined pages creating two copies of such files. It works to not use destpage
in this case because the inlining page depends on the source page, so if the
source page is modified or deleted the inlining page will be updated.
2008-03-23 20:01:26 -04:00
Joey Hess d2911a20a6 inline: Allow the "feedshow" parameter to take values greater than the value for "show". 2008-03-23 17:39:03 -04:00
Joey Hess 1c2f59239f typos 2008-03-21 19:09:29 -04:00
martin f. krafft e3624de63c Allow external plugins to return no value
Instead of using the XML-RPC v2 extension <nil/>, which Perl's
XML::RPC::Parser does not (yet) support (Joey's patch is pending), we
agreed on a sentinel: {'null':''}, that is, a hash with a single key
"null" pointing to the empty string.

The Python proxy automatically converts None appropriately and raises an
exception if a hook function should, by weird coincidence, attempt to
return {'null':''}.

Signed-off-by: martin f. krafft <madduck@madduck.net>
2008-03-21 15:07:10 -04:00
Joey Hess 14b3e645a8 work around perl warning 2008-03-21 05:08:04 -04:00
Joey Hess 42b6a6178c delete inline data after it's used 2008-03-21 04:51:14 -04:00
Joey Hess f937c1fb80 crazy optimisation to work around slow markdown
Markdown is slow. Especially if it has to process an enormous page. The
most common enormous page is currently the recentchanges page, which gets
processed a lot, and contains very little actual markdown. Most of it is a
big <div>, which markdown skips ... slowly.

This is a rather sick optimisation to work around markdown's speed issues.
Now inline inserts a small, dummy div, allows markdown to quickly render
the actual page content, then replaces the dummy with the actual inlined
pages later.

Results: Rendering just a recentchanges page, with diffs included, dropped
from 4.5 seconds to 2.7 seconds on my laptop. Building the entire wiki
dropped from 46.6 seconds to 39.5 seconds.

(It would be better if inline were a *post*-processor directive.)
2008-03-21 04:48:26 -04:00
Joey Hess 0b9e849aba process smilies in a sanitize hook
I had to move it to sanitize so all the markup is htmlized, so it can scan
for <pre> and <code>.
2008-03-21 03:16:28 -04:00
Joey Hess cd6055a893 another fix
I'm suprised that the second m//g didn't seem to clobber @-, but I don't
want to rely on that, so preserve it beforehand.
2008-03-21 02:57:34 -04:00
Joey Hess 88b5a0ece5 various fixes and simplifications 2008-03-21 02:55:14 -04:00
Joey Hess 44824dba1b smiley: Detect smileys inside pre and tags, and do not expand. 2008-03-21 02:43:20 -04:00
Joey Hess 628467125c Close meta tag for redir properly. 2008-03-21 00:24:06 -04:00
Joey Hess c92e9b34ec Store userinfo in network byte order for easy portability. (Old files will be automatically converted.) 2008-03-19 22:46:51 -04:00
Joey Hess 9f3788e2a2 optimisation, only load openid module when signing in
This makes the CGI about .2 seconds faster when editing pages etc.
2008-03-19 21:12:18 -04:00
Joey Hess d85c9660c5 fix setstate
Same fix as in d7f1292c31
2008-03-19 15:49:37 -04:00
Joey Hess 6eb3cf7e76 make setargv take an array
for consistentcy with getargv, which returns one
2008-03-19 15:49:00 -04:00
Joey Hess d7f1292c31 fix setvar
It was incorrectly setting the value to the number of items in @_, ie,
always 1.
2008-03-19 15:18:38 -04:00
Joey Hess f003e97d10 getargv needs to return a list reference
xml rpc only allows functions to return a single value, no lists. So getargv
needs to return a list reference, which means that the caller will see an xml
rpc array.
2008-03-19 15:12:59 -04:00
Joey Hess 52e16d4ec9 * Record new pages in %pagesources temporarily when previewing so that
things that need to know the page source or type can query it from there.
  Fixes previewing of tables when creating a new page.
2008-03-17 21:28:31 -04:00
Joey Hess ba480baa9e * external: Add getargv and setargv methods to allow access to ikiwiki's
@ARGV.
2008-03-15 14:19:49 -04:00
Joey Hess 5a7a89ffc5 * htmltidy: Pass --markup yes, in case tidy's config file disabled it. 2008-03-15 13:58:08 -04:00
Joey Hess e7ce86db11 * external: Fix support of XML::RPC::fault. 2008-03-15 13:49:22 -04:00
Joey Hess 7b6686ce70 * Fix expiry of old recentchanges changeset pages. 2008-03-14 18:55:17 -04:00
Joey Hess 16299dbae8 load HTML::Entities at top
Used in several subs, not all of which load it on demand, this seems simpler.
2008-03-14 18:43:54 -04:00
Joey Hess bc2671082b no need to use HTML::Entities, as it's loaded on demand by code below 2008-03-12 18:52:33 -04:00
Joey Hess 99c65a4c0e * Use absolute url for feedurl when filling out the feed templates.
Closes: #470530
2008-03-12 18:49:41 -04:00
Joey Hess 862ca19eb1 truncate recentchangesdiffs after 200 lines
This works around a perl crasher bug, and also avoids bloating pages
with enormous diffs.

rcs_recentchanges modified to return a list in an array context.
2008-03-12 15:45:10 -04:00
Joey Hess 3dc979470e use git show to get the diff
If a diff of the firsst commit in a git repo was requested, it would fail and
print to stderr since first^ isn't valid. Using git show will always work.
2008-03-12 14:44:20 -04:00
Joey Hess f7bdc2385d * Use forcebaseurl to make page previews be displayed with the html base
set to the destination page. This avoids need for hacks to munge the urls
  in preview mode, which fixes several bugs.
* Several destpage fixes in plugins.
2008-03-12 14:21:48 -04:00
Joey Hess 2fa9da9f16 * monotone: Require version 0.38 or greater, and stop using the mtnmergerc
option. (Brian May)
2008-03-12 10:46:04 -04:00
Joey Hess 51ee2a2eab fix syntax error 2008-03-12 10:35:25 -04:00
martin f. krafft d02e350a69 Correct meta.robots attribute value->content
This was a silly typo, sorry. <meta ...> takes an attribute content, not
value.

Signed-off-by: martin f. krafft <madduck@madduck.net>
2008-03-11 18:37:04 -04:00
martin f. krafft c471d5425f Generate openid2 headers as well
This causes meta.openid to also generate the openid2 headers.

Signed-off-by: martin f. krafft <madduck@madduck.net>
2008-03-11 15:53:21 -04:00
martin f. krafft 2325525713 Let meta.openid set X-XRDS-Location header
Adds an optional xrds-location parameter to the openid meta handler,
which allows for XRDS delegation.

A good document on XRDS is
http://www.windley.com/archives/2007/05/using_xrds.shtml

Signed-off-by: martin f. krafft <madduck@madduck.net>
2008-03-11 15:51:11 -04:00
Joey Hess fc4c1b7ec8 * Remove locking code in git rcs_commit. I'm not sure if this was ever
correct, and it's certianly not correct now, since the wiki is locked
  before rcs_commit is ever called, and should not be unlocked by
  rcs_commit either.
2008-03-07 12:25:40 -05:00
Joey Hess eec482aa65 test for Text::Markdown::[Mm]arkdown and use the available one
Markdown is such a splintered mess.. The current debian package provides
only Text::Markdown::Markdown, while all versions of Text::Markdown support
Text::Markdown::markdown, and old versions also support the capitalised version,
while new ones don't.

It's getting to the point where `grep /markdown/i %symbol_table` is the only
sane way to figure out what function to call..
2008-03-04 20:29:52 -05:00
Joey Hess 0217eebf49 * Use Text::Markdown::markdown, since version 1.0.16 of Text::Markdown
no longer supports Text::Markdown::Markdown. All old versions of
  Text::Markdown also support the lower-case version.
2008-03-04 20:17:55 -05:00
Joey Hess d93aaed791 * Add recentchangesdiff plugin that adds diffs to the recentchanges feeds.
* rcs_diff is a new function that rcs modules should implement.
* Implemented rcs_diff for git, svn, and tla (tla version untested).
  Mercurial and monotone still todo.
2008-03-03 15:53:34 -05:00
martin f. krafft c10cfb27d1 Add robots tag to meta plugin
Add special handling for <meta name="robots" ...> which needs not be
scrubbed as it's harmless.

Signed-off-by: martin f. krafft <madduck@madduck.net>
(cherry picked from commit b15d0299a7f7b147e89d8a202d6cca1c21491af2)
2008-03-02 18:04:09 -05:00
Adeodato Simó a8f08ab8e1 Make directives generated by shortcuts accept a `desc` parameter.
(cherry picked from commit 252da396bfa728b99af7c9bb304a7b5f3f6d94e6)
2008-03-02 18:04:09 -05:00
Adeodato Simó be0b4f603f Allow colons in URLs after the first slash
A new regexp fixes this bug:
http://ikiwiki.info/bugs/No_link_for_blog_items_when_filename_contains_a_colon/

I traced this down to htmlscrubber. If disabled,
it works. If enabled, then $safe_url_regexp
determines the URL unsafe because of the colon and
hence removes the src attribute.

Digging into this, I find that RFC 3986 pretty
much discourages colons in filenames:

"""
A path segment that contains a colon character
(e.g., "this:that") cannot be used as the first
segment of a relative-path reference, as it would
be mistaken for a scheme name. Such a segment must
be preceded by a dot-segment (e.g., "./this:that")
to make a relative- path reference.
"""

on the other hand, with usedirs, any link to
another page will be prepended by ../ anyway, so
that makes them okay again.

The solution still seems not to use colons.

In any case, htmlscrubber should get a new regexp,
courtesy of dato.

I have tested and verified this.

Signed-off-by: martin f. krafft <madduck@madduck.net>
2008-02-29 19:29:44 +01:00
Joey Hess f4773f6a83 avoid calling getctime on internal pages
internal pages won't be in revision control so this avoids some ugly noise
2008-02-24 18:02:34 -05:00
Joey Hess 4eabb3cb7a * inline: When forcing urls absolute for rss feeds, skip mailto and other
such urls.
2008-02-24 17:07:56 -05:00
Joey Hess bd55d276b3 Fix links generated by preprocessor directives when previewing.
As was already done for linkfication, links generated in a prevew page
are relative to the top of the wiki, so it has to be told that the destpage
is there.

I was using "" to indicate this, but that may confuse some preprocessor
plugins, which treat parameters with an empry value specially (sparkline is one
such). Instead, use "/", which is more accurate anyway and works just as well.
2008-02-24 16:37:11 -05:00
Joey Hess f7303db5a1 * Fix another preview will_render bug. This one involved inline,
which forced a scan of the page to make available metadata that
  appeared after the inline directive. Problem is that scan made it forget
  about any other files rendered due to the page. The scan also turns out
  to be unnecessary now, since meta persistently stores state and it's
  always available. So it was just removed.
2008-02-24 15:36:25 -05:00
Joey Hess a59af82bb8 * tla: Remove call to escapeHTML when constructing recentchanges message;
the html is escaped at a different level. Closes: #466495
* bzr, mercurial: Remove unused import of escapeHTML.
2008-02-20 16:45:02 -05:00
Joey Hess 1c06aed378 * monotone: Add code to default mergerc file to run
_MTN/ikiwiki-netsync-hook when a commit is merged in from the net.
2008-02-14 16:10:33 -05:00
Joey Hess 553136ec1f * Preview limits the page dropdown to what's selected previously
(as preserving the full list across preview would be tricky). Userdirs
  were still being offered as an option there, remove them.
* Fix a bug where user A created a page concurrently with user B, and
  when B previewed it would redirect B to A's new page, losing B's work.
  Instead, don't redirect and let conflict handling resolve it.
2008-02-14 15:42:14 -05:00
Joey Hess 8be2b60aac * The search plugin needs to override <base> to point to the directory
containing ikiwiki.cgi, but this should not change the urls to the style
  sheets etc. Add a new forcebareurl parameter to misctemplate to allow
  it to do that.
2008-02-14 15:20:49 -05:00
Joey Hess 1de1fb15a0 * camelcase: Convert to use new linkify and scan hooks rather than the old
hack.
2008-02-11 23:04:19 -05:00
Joey Hess 4763514861 * Add the linkify and scan hooks. These hooks can be used to implement
custom, first-class types of wikilinks.
* Move standard wikilink implementation to a new wikilink plugin, which
  will of course be enabled by default.
2008-02-11 22:48:27 -05:00
Joey Hess 4aab5f0a73 * Generate XML RPC messages with the encoding set to utf-8 instead
of XML::RPC's default of us-ascii. Allows interoperation with
  python's xmlrpc library, which threw invalid encoding exceptions and
  caused the rst plugin to hang.
2008-02-11 00:11:49 -05:00
Joey Hess c6fc554c54 use quotemeta when building the regexp 2008-02-10 19:02:12 -05:00
Josh Triplett 728dfd9595 Allow the smb: URI scheme. 2008-02-10 15:08:56 -08:00
Josh Triplett 502cd00ec7 Allow the snews: URI scheme. 2008-02-10 15:05:11 -08:00
Josh Triplett ec9d3ab549 Do not allow the steam: URI scheme. 2008-02-10 14:59:08 -08:00
Josh Triplett 3cda22a27f Match literal '.' in URI schemas containing '.', rather than matching any character 2008-02-10 14:50:30 -08:00
Joey Hess bbcf878f75 * meta: Check that the urls provided for authorurl, permalink, and openid
are safe and can't contain javascript.
2008-02-10 17:17:44 -05:00
Joey Hess 4bfdbd4858 export $safe_url_regexp 2008-02-10 17:07:21 -05:00
Josh Triplett d20e24b636 Also filter the attributes cite, longdesc, and usemap, which can contain URIs 2008-02-10 13:59:37 -08:00
Joey Hess 2078f706d6 add parens around scheme regexp 2008-02-10 16:29:46 -05:00
Josh Triplett a7be7bdf56 Do not allow the about: URI scheme
Some browsers interpret about: URIs like a limited version of data:
URIs.  In particular, some versions of Internet Explorer interpret
arbitrary HTML content in about: URIs.
2008-02-10 13:23:28 -08:00
Joey Hess dfd6bb3854 fix data:image handling 2008-02-10 15:24:03 -05:00
Joey Hess d7e0c035e5 * htmlscrubber security fix: Block javascript in uris.
* Add htmlscrubber test suite.
2008-02-10 13:16:40 -05:00
Josh Triplett 122f6df325 Merge branch 'master' into prefix-directives
Conflicts:

	debian/changelog
	templates/change.tmpl
2008-02-09 23:02:52 -08:00
Joey Hess f1fcb5be9c * Page templates can now use CTIME to show when the page was created. 2008-02-09 23:05:48 -05:00
Joey Hess 63e316f362 * Don't die if running with --getctime and rcs_getctime throws an error.
There are several cases (recentchanges files, aggregated files)
  where some source files are not in revision control.
2008-02-07 22:11:54 -05:00
Joey Hess a4b2e77077 add support for prefix_directives 2008-02-05 16:14:38 -05:00
Joey Hess f64ef7deb6 proper fix for the preview/will_render issue 2008-02-04 18:46:34 -05:00
Joey Hess b37dc9c926 preview shouldn't show the feed buttons or post form 2008-02-04 18:44:54 -05:00
Joey Hess bf522a347f * inline: Add new `allowrss` and `allowatom` config options. These can be
used if you want a wiki that doesn't default to generating rss or atom
  feeds, but that does allow them to be turned on for specific blogs.
2008-02-04 18:36:50 -05:00
Joey Hess 85de2f7bc4 the old code worked, suprisingly, but I prefer this form 2008-02-04 18:05:40 -05:00
Joey Hess d1c4899a22 * inline: When previewing, still call will_render on rss/atom files,
just avoid actually writing the files. This is necessary because ikiwiki
  saves state after a preview (in case it actually *did* write files),
  and if will_render isn't called its security checks will get upset
  when the page is saved. Thanks to Edward Betts for his help tracking this
  tricky bug down.
2008-02-04 17:58:23 -05:00
Joey Hess a3f224cb6c move saveindex call into preview block
This call is only present to handle the case where previewing a page
actually causes files to be rendered.
2008-02-03 19:51:00 -05:00
Joey Hess 408419ca3e remove another commit mail mention 2008-02-03 19:47:01 -05:00
Joey Hess 27d5f91a18 remove spurious EOF 2008-02-03 18:16:19 -05:00
Joey Hess 749c1e36d9 * monotone changes by Brian May:
- On commits, replace "mtn sync" bidirectional with "mtn push" single
    direction. No need to pull changes when doing a commit. mtn sync
    is still called in rcs_update.
  - Support for viewing differences via patches using viewmtn.
2008-02-03 18:14:39 -05:00
Joey Hess 9d54cc4659 implement aggregate_locking design
Now aggregation will not lock the wiki. Any changes made during aggregaton are
merged in with the changed state accumulated while aggregating. A separate
lock file prevents multiple concurrent aggregators. Garbage collection
of orphaned guids is much improved. loadstate() is only called once
per process, so tricky support for reloading wiki state is not needed.

(Tested fairly thuroughly.)
2008-02-03 16:48:26 -05:00
Joey Hess 38affb0c1c add aggregate locking functions 2008-02-03 15:17:15 -05:00
Joey Hess e57749b702 * recentchanges: Exipre all *._change pages, even if the directory
they're in has changed.
2008-02-03 14:51:03 -05:00
Joey Hess 340fe9707c * recentchanges: Improve handling of links on the very static changes pages
by thunking to the CGI, which can redirect to the page, or allow it to be
  created if it doesn't exist.
2008-02-03 14:48:20 -05:00
Joey Hess 42e5b8dfdc prototype fix 2008-02-03 14:22:25 -05:00
Joey Hess 1f6591f0a6 * aggregate: Revert use of forking to not save state, that was not the right
approach.
2008-02-03 03:04:19 -05:00
Joey Hess 9f60272831 * poll: This plugin turns out to have edited pages w/o doing any locking.
Oops. Convert it from a cgi to a sessioncgi hook, which will work
  much better.
2008-02-03 00:26:00 -05:00
Joey Hess 80915c830a * cgi hooks are now run before ikiwiki state is loaded.
* This allows locking the wiki before loading state, which avoids some
  tricky locking code when saving a web edit.
2008-02-03 00:23:04 -05:00
Joey Hess 0779013683 * aggregate: Forking a child broke the one state that mattered: Forcing
the aggregating page to be rebuilt. Fix this.
2008-02-02 23:56:13 -05:00
Joey Hess 6a7c3d1209 * Revert preservation of input file modification times in output files,
since this leads to too many problems with web caching, especially with
  inlined pages. Properly solving this would involve tracking every page
  that contributes to a page's content and using the youngest of them all,
  as well as special cases for things like the version plugin, and it's just
  too complex to do.
2008-02-02 23:40:57 -05:00
Joey Hess 870adf3bbf move openiduser function to the openid plugin 2008-01-30 02:39:17 -05:00
Joey Hess 55e16be44a move recentchanges link enabling into a pagetemplate hook 2008-01-30 02:29:12 -05:00
Jelmer Vernooij 246e93a300 Expand file-id in diffurl in the bzr backend. 2008-01-30 02:29:28 +01:00
Joey Hess 4284719464 rename bazaar -> bzr after discussion with jelmer 2008-01-29 19:48:30 -05:00
Joey Hess 381ac0f667 commit only the changed file 2008-01-29 19:44:26 -05:00
Joey Hess 274fb90026 stylistic changes
Remarkably few. Also, I removed the stub for the obsolete rcs_notify function.
2008-01-29 19:36:35 -05:00
Joey Hess cddc335b2b Merge git://git.samba.org/jelmer/ikiwiki 2008-01-29 19:28:51 -05:00
Joey Hess f584abec0c really fix the baseurl problem
the issue is that HTML::Template doesn't expand top-level variables when inside
a loop
2008-01-29 18:19:47 -05:00
Joey Hess 9e15bd27ea avoid temp var 2008-01-29 18:07:20 -05:00
Joey Hess 7125c7269a don't scan internal pages
scan() does too much. All that is needed is to preprocess the internal page
in scan-only mode.
2008-01-29 18:06:36 -05:00
Joey Hess 3803266b8f merged the recentchanges branch
misc fixes
2008-01-29 17:50:11 -05:00
Joey Hess 7a40bcab9a add missing test to avoid uninitialised value when a page with metadata is removed 2008-01-29 17:36:25 -05:00
Joey Hess 64a8c828b8 * meta: Add pagespec functions to match against title, author, authorurl,
license, and copyright. This can be used to create custom RecentChanges.
* meta: To support the pagespec functions, metadata about pages has to be
  retained as pagestate.
* Fix encoding bug when pagestate values contained spaces.
2008-01-29 17:16:51 -05:00