dcfeaaad5b
comments: Fix XSS security hole due to missing validation of page name.
...
Values have to be checked against wiki_file_regexp, not just file_pruned.
Audited the rest of the code base for similar problems, found none.
2011-01-22 10:15:33 -04:00
9b6e333170
picked
2011-01-14 14:37:43 -04:00
e112372a38
update
2011-01-06 14:42:13 -04:00
2cd8988648
releasing version 3.20110105
2011-01-05 18:19:26 -04:00
d991ccf134
use cgitemplate, remove misctemplate
2011-01-05 17:15:38 -04:00
4dbb8120f7
Export three cgi env vars needed for CGI->url to work.
2011-01-05 16:08:21 -04:00
3eabf323f0
Fix permalinks to recentchanges items and comments, broken by last release.
...
permalinks always need to be full urls
2011-01-05 15:22:55 -04:00
6b5b0a3282
Temporarily revert one part of the multiple url support in the last release. Non-edit pages are now back to having `<base>` set to the site's main url.
2011-01-05 15:01:31 -04:00
270cbd7cf5
Fix redirect to use a full url.
...
Was broken (in theory) by baseurl changes in last release.
2011-01-05 14:57:04 -04:00
8c9c3915ec
Fix base url when previewing. Was broken by urlto changes in last release.
...
Added a showform_preview that is like showform, but sets forcebaseurl
to point to the page being previewed.
2011-01-05 13:50:42 -04:00
3841d709d7
bugfix
2011-01-04 16:02:31 -04:00
84224c78a0
releasing version 3.20101231
2010-12-31 21:34:52 -04:00
7d0ef85d80
git: Fix bug involving attempting to web revert a commit that included changes to attachments.
2010-12-29 20:19:58 -04:00
4fb26f4e60
Add a second parameter to the rcs_diff hook, and avoid bloating memory reading in enormous commits.
2010-12-29 19:58:49 -04:00
1c430def77
highlight: Support highlight 3.2+svn19 (note that released version 3.2 is not supported). Closes : #605779 (David Bremner)
2010-12-29 13:08:09 -04:00
83b685abb5
changelog
2010-12-28 13:52:01 -04:00
961a119986
changelog
2010-12-26 14:46:55 -04:00
beae7ef9db
editpage, comment: Clean up title when editing or creating a page or comment.
...
Now that page.tmpl is used for cgi, the parentlinks are able to be
displayed even when creating or editing a page. So it's redundant to
include the path to the page in the title, remove it.
2010-12-25 13:38:26 -04:00
9741a3f979
inline: Force an absolute page location when the inline postform is used.
...
There seems no need to allow selecting a location when creating a page this
way; the user should always want it to appear in the inline whose form they
submitted.
2010-12-25 13:32:57 -04:00
77907fb380
merge po
2010-12-25 12:38:31 -04:00
338a04190f
goldtype: New theme, based on blueview, contributed by Lars Wirzenius.
2010-12-11 16:04:06 -04:00
efe702479a
changelog
2010-12-05 16:38:38 -04:00
ca7e3a5923
update changelog to reflect bugfix-only release
2010-12-01 20:36:42 -04:00
017f335aff
Merge branch 'bugfix'
2010-12-01 20:36:07 -04:00
9c0f98de02
releasing version 3.20101201
2010-12-01 20:34:30 -04:00
aa65300c2f
meta: Fix calling of htmlscrubber to pass the page parameter. The change of the htmlscrubber to look at page rather than destpage caused htmlscrubber_skip to not work for meta directives.
2010-12-01 20:25:05 -04:00
2884e3c6c7
smcv's https fix is actually also applicable to using multiple other urls
2010-12-01 11:51:51 -04:00
5f4f0b5bdd
merged sslcookie-auto
2010-11-29 16:32:23 -04:00
141dc37d36
merged localurl branch; changelog
2010-11-29 15:00:22 -04:00
853fcc2b56
releasing version 3.20101129
2010-11-29 14:12:41 -04:00
170cb02479
git: Avoid adding files when committing, so as not to implicitly add files like recentchanges files that are not normally checked in, when fixing links after rename.
2010-11-29 13:42:03 -04:00
a5120846cb
rename: Fix to pass named parameters to rcs_commit
2010-11-29 13:28:28 -04:00
78a22e2eb2
git: Fix temp file location.
2010-11-29 12:01:50 -04:00
31f0e459b8
edittemplate: Fix crash if using a .tmpl file or other non-page file as a template for a new page.
2010-11-20 14:54:43 -04:00
af5f162ca7
highlight: Support new format of filetypes.conf used by version 3.2 of the highlight package.
2010-11-20 12:55:26 -04:00
f8f8770a65
smcv/ready/glob-cache merged
2010-11-20 12:28:22 -04:00
b00c6c9640
inline: Improve RSS url munging to use a proper html parser
...
and support all elements that HTML::Tagset knows about.
(Which doesn't include html5 just yet, but then the old version didn't either.)
Bonus: 4 times faster than old regexp method.
2010-11-16 16:57:50 -04:00
cedf2c0af5
Fix escaping of filenames in historyurl. (Thanks, aj)
2010-11-16 15:12:52 -04:00
ec6c1269d2
more: Add pages parameter to limit where the more is displayed. (thanks, dark)
2010-11-16 15:00:04 -04:00
b85ca8603a
websetup: Fix encoding problem when restoring old setup file.
2010-11-16 14:24:15 -04:00
5f750e16b8
CVE id
2010-11-12 10:25:21 -04:00
5dbf25127f
releasing version 3.20101112
2010-11-12 00:45:00 -04:00
d8de98911e
comments: Make comment() pagespec also match comments that are being posted.
2010-11-12 00:36:03 -04:00
78de33d2ea
comments: Make postcomment() pagespec work when previewing a comment.
2010-11-12 00:28:27 -04:00
289b30a47d
Fix htmlscrubber_skip to be matched on the source page, not the page it is inlined into. Should allow setting to "* and !comment(*)" to scrub comments, but leave your blog posts unscrubbed, etc.
2010-11-12 00:00:54 -04:00
0c18b347aa
changelog
2010-10-31 16:07:54 -04:00
0a0366b8c6
changelog
2010-10-31 10:12:28 -04:00
49865d5512
changelog
2010-10-30 22:03:02 -04:00
5c6eb167b8
highlight: Ensure that other, more-specific format plugins, like txt are used in preference to this one in case of ties.
2010-10-25 23:00:32 -04:00
2076ed597c
txt: Fix display when used inside a format directive.
...
txt's use of a format hook can't work in that case, so it needs to use a
htmlizeformat hook in this case to handle wrapping the text in pre tags.
2010-10-25 22:37:34 -04:00
5db2d6f6b2
nice message if someone tries to revert a merge commit
2010-10-23 17:19:48 -04:00
9ca9959eda
fix web reversion when the srcdir is in a subdir of the git repo.
2010-10-23 16:19:16 -04:00
1c5a3f2c67
Fix typo that broke anonymous git push.
2010-10-23 15:25:29 -04:00
490e0813c5
releasing version 3.20101019
2010-10-19 02:44:10 -04:00
1d119e5314
auto-blog.setup: Don't enable opendiscussion by default; require users be logged in to post comments.
2010-10-17 17:26:35 -04:00
8555d10f63
img: If a class is specified, don't also put the img in the img class.
2010-10-13 12:57:16 -04:00
7ba0f7d297
monotone: Fix recentchanges page when the srcdir is not at the top of the monotone workspace. Thanks, tommyd.
2010-10-11 20:30:14 -04:00
cfbd272c8b
websetup: Fix defaults of checkboxes in advanced mode.
...
So formbuilder has an annoying glitch, that setting the value of a
checkbox, even without force, will override the value currently on the
form. Thus the guards against changing checkbox values when a form has been
submitted.
But those guards also prevented the checkboxes for advanced items getting
the right value when going into advanced mode.
Note that if the user makes changes to advanced mode stuff and leaves
advanced mode, those changes are lost. That seems reasonable so I didn't
change it -- and it made this fix simple.
2010-10-11 11:41:34 -04:00
274219ecc8
websetup: Fix saving of advanced mode changes.
...
The showadvanced field was not known to formbuilder when hitting the save
changes button.
2010-10-11 11:12:41 -04:00
2852c6b0d5
actiontabs: More consistent styling of Hn tags.
...
In particular the use of italics for h3 was weird.
2010-10-08 19:55:56 -04:00
1820f07f04
revert interface done
2010-10-08 19:24:06 -04:00
5c514706e4
Updated French program translation. Closes : #598918
2010-10-03 12:34:58 -04:00
bd48ff734a
fixups tidy change
...
Need checkconfig hook; examples don't become default values.
2010-10-02 12:02:34 -04:00
2df92a956a
Fix test suite failure on other side of date line.
2010-09-29 11:58:45 -04:00
3dfc7ea4dc
releasing version 3.20100926
2010-09-27 00:56:03 -04:00
43c99f9076
htmlbalance: Fix compatability with HTML::Tree 4.0. (smcv)
2010-09-26 22:37:18 -04:00
1883e31de2
Propigate PATH into wrapper.
...
In the last version, the ikiwiki script stopped setting PATH.
But that leads to gcc failing when run from websetup. See
http://www.branchable.com/bugs/Crashes_when_rebuilding_wiki_after_setup_change/
2010-09-26 22:27:46 -04:00
90bc68589e
attachment: Fix attachment file size display.
2010-09-21 15:33:42 -04:00
8063b960ad
meta: Ensure that the url specified by xrds-location is absolute.
...
With a relative xrds-location, the openid perl client module will fail.
I haven't checked the specs to see if it needs to be absolute, but all
examples I've seen are absolute, so it seems a very good idea.
2010-09-19 20:15:34 -04:00
3d4313f21d
releasing version 3.20100915
2010-09-15 16:40:26 -04:00
884835ce1c
cutpaste: Fix bug that occured in some cases involving inlines when text was pasted on a page before being cut.
2010-09-15 16:24:50 -04:00
cd794613b6
git: When updating from remote, use git pull --prune, to avoid possible errors from conflicting obsolete remote branches.
2010-09-14 15:45:38 -04:00
0ff945ddf1
external: Disable RPC::XML's "smart" encoding, which sent ints for strings that contained only a number, fixing a longstanding crash of the rst plugin.
2010-09-14 15:37:45 -04:00
e0898ae1a8
blogspam: Fix crash when content contained utf-8.
...
I also tried setting RPC::XML::ENCODING but that did not prevent the crash,
and it seems that blogspam.net doesn't like getting xml encoded in unicode,
since it mis-flagged comments as spammy that way that are normally allowed
through.
2010-09-14 15:23:28 -04:00
894d09ba94
Set isPermaLink="no" for guids in rss feeds.
...
The rss spec says that unless the attribute is set, guid elements *are*
permalinks. The problem with that is that if [[meta permalink=]] is used,
as is done with aggregated posts, that goes into the link element, and
apparently some rss readers prefer the not-really-permalink in the guid
element when linking to the post.
Without meta permalink, the link and guid elements have the same content,
so it should be ok, in that case too for the guid to not be a permalink.
(Checked and this does not flood aggregators.)
2010-09-14 12:40:40 -04:00
b5be85a611
blueview: Fix display of links to translated pages in the page header.
2010-09-11 14:40:56 -04:00
41a10eb0b0
actiontabs: Improve tab padding.
2010-09-11 14:31:34 -04:00
c4ebdd6f46
Pass array of names of files that have been deleted to needsbuild hook as second parameter, to allow for plugins that needs access to this information earlier than the delete hook.
2010-09-10 17:17:08 -04:00
23f8869009
po: Auto-upgrade old format settings to new formats when writing setup file.
2010-09-10 14:04:43 -04:00
fbfda5ccfc
po: Make the po_master_language use a langpair like "en|English", so it can be configured via the web.
2010-09-10 13:13:00 -04:00
400aabe82d
po: Allow enabling via web setup.
...
The only unsafe thing should be that enabling it with some languages will
generate po files.
2010-09-10 11:45:59 -04:00
074c9869f3
changelog
2010-09-09 18:23:31 -04:00
5c6c0813ca
Remove PATH overriding code in ikiwiki script that was present to make perl taint checking happy, but taint checking is disabled.
2010-09-07 13:47:50 -04:00
8a6f4a7e50
needsbuild hook interface changed; the hooks should now return the modified array of things that need built. (Backwards compatability code keeps plugins using the old interface working.)
2010-09-07 12:08:59 -04:00
2ff705367b
releasing version 3.20100831
2010-08-31 14:30:34 -04:00
f55c7d1396
httpauth: Avoid redirecting the user to the cgiauthurl if they already have a login session.
2010-08-30 18:33:00 -04:00
a330b1ee74
Avoid trying to log the user in when receiving anonymous pushes from git and a plugin like httpauth returns a login function.
...
Just use check_canedit in nonfatal mode.
2010-08-30 16:05:15 -04:00
2ec5efcd6c
t/bazaar.t: Work around bzr 2.2.0's new requirement to configure bzr whoami before committing.
2010-08-30 15:23:22 -04:00
d325f09a96
document merging of intrigeri/po
2010-08-30 14:56:13 -04:00
00a54d1bb7
finish link(.) support
2010-08-30 13:37:16 -04:00
7ab84dcfe5
highlight: Make location of highlight's files configurable in setup file to allow for nonstandard installations.
2010-08-30 13:15:49 -04:00
decf432fd5
Danish translation update. Closes : #594673
2010-08-28 10:02:27 -04:00
9b9ecda62f
htmlscrubber: Do not scrub url anchors that contain colons.
2010-08-19 13:59:31 -04:00
20ecef4d02
style.css: Use relative, not absolute font sizes. Thanks, Giuseppe Bilotta.
2010-08-17 16:37:48 -04:00
9744c11f80
openid: Syntax tweak to the javascript code to make it work with MSIE 7 (and MSIE 8 in compat mode). Thanks to Iain McLaren for reporting the bug and providing access to debug it.
2010-08-17 16:05:17 -04:00
91f5697025
Merge branch 'debian-testing'
...
Conflicts:
debian/changelog
2010-08-15 12:01:16 -04:00
67d0645e07
insert version that will be released from debian-testing branch
2010-08-15 11:46:01 -04:00
b8fd31a2a3
Fix po test suite to not assume ikiwiki's underlay is already installed. Closes : #593047
...
(cherry picked from commit 5664401fbc
2010-08-15 11:44:28 -04:00
5664401fbc
Fix po test suite to not assume ikiwiki's underlay is already installed. Closes : #593047
2010-08-15 11:38:39 -04:00
d03e691c50
changelog
2010-08-13 17:59:36 -04:00
Joey Hess