Commit Graph

2644 Commits (d934cee673ee18cd814e658a86c607fe5a209476)

Author SHA1 Message Date
intrigeri a128c256a5 po: added support for html pagetype
... after having audited the po4a Xml and Xhtml modules for security issues.

Signed-off-by: intrigeri <intrigeri@boum.org>
2010-06-25 23:18:57 +02:00
intrigeri 903a71c1b9 TODO++ 2010-06-25 17:45:08 +02:00
intrigeri d4136aea8a po: also filter sidebar translation pages 2010-06-25 17:43:25 +02:00
intrigeri d877b9644b po: fix bug with translated pages including templates
The protection against processing loops (i.e. the alreadyfiltered stuff) was
playing against us: the template plugin triggered a filter hooks run with the
very same ($page, $destpage) arguments pair that we use to identify a already
filtered page. Processing an included template could then mark the whole
translation page as already filtered, which prevented po_to_markup to be called
on the PO content.

This commit only runs the whole PO filter logic when our filter hook is run by
IkiWiki::render, which only happens when the full page needs to be filtered.
2010-06-25 17:14:13 +02:00
intrigeri 9f401d6617 Merge remote branch 'upstream/master' into prv/po
Conflicts:
	IkiWiki/Plugin/po.pm
2010-06-25 14:38:37 +02:00
Joey Hess d8d057c356 chdir to srcdir in rcs_getctime 2010-06-23 21:29:47 -04:00
Joey Hess 38bf2f6388 bugfix 2010-06-23 20:26:09 -04:00
Joey Hess 9a32451986 finializing openid nickname support
Renamed usershort => nickname.

Note that this means existing user login sessions will not have the nickname
recorded, and so it won't be used for those.
2010-06-23 20:16:01 -04:00
Joey Hess a4f381ace8 git: Record the username from openid in the git author email. (This avoids display of ugly google openids.) 2010-06-23 19:44:41 -04:00
Joey Hess b38b9327a8 take username from email address as fallback 2010-06-23 19:36:23 -04:00
Joey Hess d8e4b51a41 rcs_getctime and rcs_getmtime take relative filenames
There was some confusion about whether the filename was
relative to srcdir or not. Some test cases, and the bzr
plugin assumed it was relative to the srcdir. Most everything else
assumed it was absolute.

Changed it to relative, for consistency with the rest
of the rcs_ functions.
2010-06-23 19:32:53 -04:00
Joey Hess ecdfd1b864 rcs_commit and rcs_commit_staged api changes
Using named parameters for these is overdue. Passing the session in a
parameter instead of passing username and IP separately will later allow
storing other session info, like username or part of the email.

Note that these functions are not part of the exported API,
and the prototype change will catch (most) skew, so I am not changing
API versions. Any third-party plugins that call them will need updated
though.
2010-06-23 19:04:36 -04:00
Joey Hess caf7bcdda3 update for new rcs_commit_staged API
In the process, lost the commits from special usernames
when committing changed po files. Instead of trying to dummy up a session
object for the special username, I just don't pass one, and the commit will
appear to be from whatever user ikiwiki runs as.
2010-06-23 16:56:50 -04:00
Joey Hess 4292802ee5 stop using REMOTE_ADDR
Everywhere that REMOTE_ADDR was used, a session object is available, so
instead use its remote_addr method.

In IkiWiki::Receive, stop setting a dummy REMOTE_ADDR.

Note that it's possible for a session cookie to be obtained using one IP
address, and then used from another IP. In this case, the first IP will now
be used. I think that should be ok.
2010-06-23 16:35:51 -04:00
Joey Hess b4a43406f6 API: rcs_commit and rcs_commit_staged are passed a new parameter
that may contain the username component of the email address of
the user making the commit.
2010-06-23 16:05:49 -04:00
Joey Hess c46bcb425a Add new optional field usershort to rcs_recentchanges.
Now the git plugin supports commits with author fields that look like:
Author: http://my.openid/ <me@web>

Then in recentchanges, the short username will be displayed, linking
to the openid.

Particularly useful for the horrible google openids, of course.
2010-06-23 15:54:52 -04:00
Joey Hess 0580cbbf40 whitespace 2010-06-23 15:23:13 -04:00
Joey Hess 82789e39aa bugfix: record email-like links as page links
This way, an email-like link will be a mailto until a matching page
is created, then it will link to the page. And removing the page will
convert it back to a mailto.
2010-06-23 14:05:57 -04:00
Joey Hess 6e67219eff simplify anchor handling
At least two bugfixes in here. First, an old bug;
\[[foo#0]] was displayed as [[foo]], losing the anchor
as the anchor text was false. Secondly, a new bug;
an email like foo#bar@baz should not check bestlink("foo@baz").
2010-06-23 13:57:27 -04:00
Joey Hess 19dcd50c84 avoid needing full email regexp
Fully validating the email address is not necessary,
all that matters is not matching an url like http://foo@bar/
as an email address.
2010-06-23 13:40:10 -04:00
Bernd Zeimetz dd3274ce73 Enhance the link plugin to handle external links.
The following ways to create a link are supported now:
[[url]]
[[text|url]]
url can be one of the following:
- an internal wikilink: will be handled as before
- any other kind of URL, including mailto: proper links will be created:
  <a href="url">url</a>
  <a href="url">text</a>
- an email address:
  <a href="mailto:url">url</a>
  <a href="mailto:url">text</a>
2010-06-19 03:14:16 +02:00
Joey Hess 57e56828f5 store state to avoid needing to rebuild when changing theme 2010-06-18 16:40:47 -04:00
Joey Hess cfcc79ed4c needsbuild hook is passed an array ref 2010-06-18 16:15:57 -04:00
Joey Hess d5199424c5 avoid shelling 2010-06-18 12:50:31 -04:00
Joey Hess 2797a659db mercurial: Fix buggy getctime code.
The file passed to rcs_getctime is already absolute, and it was
trying to stick the srcdir on the front.

Also, eliminated potentially unsafe shelling.
2010-06-18 12:48:05 -04:00
Joey Hess cb4b999297 avoid dying if cannot chdir to an underlaydir 2010-06-17 16:54:03 -04:00
Joey Hess 184f68efa8 Merge branch 'themes' 2010-06-16 19:17:18 -04:00
Joey Hess eff5e233a2 force list context
run_or_die returns a status code in scalar context
2010-06-16 16:07:41 -04:00
Joey Hess 2f3f826b5b force rebuild for theme change
For now, a rebuild is the only way to ensure the changed theme is used.
Ikiwiki normally will not realize style.css has changed, since themes
tend to have the same timestamp for the file.
2010-06-16 15:44:21 -04:00
Joey Hess 062ed44f47 add theme plugin 2010-06-16 15:43:42 -04:00
Joey Hess a748f283ac Encode not used 2010-06-16 15:30:33 -04:00
Joey Hess 69c22fa1ea attachment: Support Windows paths when taking basename of client-supplied file name. 2010-06-16 13:23:32 -04:00
Joey Hess da2be6e85c git: Gix --gettime to properly support utf8 filenames.
In passing, fixed a bug where the srcdir was in a subdir of a repository
named "0".
2010-06-15 23:21:55 -04:00
Joey Hess 5f33532468 Make --gettime be honored after initial setup.
Bugfix in passing: New files not treated as such when no rcs is used.
2010-06-15 22:56:06 -04:00
Joey Hess a298959888 fix other cases of unicode mixing issue
and fix underlaydir override attack guard when srcdir is non-absolute
2010-06-15 17:41:26 -04:00
Joey Hess 86a43aefb4 Fix issues with combining unicode srcdirs and source files.
A short story:

  Once there was a unicode string, let's call him Srcdir.

  Along came a crufy old File::Find, who went through a tree and pasted each
  of the leaves in turn onto Srcdir. But this 90's relic didn't decode the
  leaves -- despite some of them using unicode! Poor Srcdir, with these
  leaves stuck on him, tainted them with his nice unicode-ness. They didn't
  look like leaves at all, but instead garbage.

(In other words, perl's unicode support sucks mightily, and drives
us all to drink and bad storytelling. But we knew that..)

So, srcdir is not normally flagged as unicode, because typically it's pure
ascii. And in that case, things work ok; File::Find finds filenames, which
are not yet decoded to unicode, and appends them to the srcdir, and then
decode_utf8 happily converts the whole thing.

But, if the srcdir does contain utf8 characters, that breaks. Or, if a Yaml
setup file is used, Yaml::Syck's implicitunicode sets the unicode flag of
*all* strings, even those containing only ascii. In either case, srcdir
has the unicode flag set; a non-decoded filename is appended, and the flag
remains set; and decode_utf8 sees the flag and does *nothing*. The result
is that the filename is not decoded, so looks valid and gets skipped.

File::Find only sticks the directory and filenames together in no_chdir
mode .. but we need that mode for security. In order to retain the
security, and avoid the problem, I made it not pass srcdir to File::Find.
Instead, chdir to the srcdir, and pass ".". Since "." is ascii, the problem
is avoided.

Note that chdir srcdir is safe because we check for symlinks in the srcdir
path.

Note that it takes care to chdir back to the starting location. Because
the user may have specified relative paths and so staying in the srcdir
might break. A relative path could even be specifed for an underlay dir, so
it chdirs back after each.
2010-06-15 17:13:46 -04:00
Joey Hess 69383fb6b0 Fix issues with combining unicode srcdirs and source files.
A short story:

  Once there was a unicode string, let's call him Srcdir.

  Along came a crufy old File::Find, who went through a tree and pasted each
  of the leaves in turn onto Srcdir. But this 90's relic didn't decode the
  leaves -- despite some of them using unicode! Poor Srcdir, with these
  leaves stuck on him, tainted them with his nice unicode-ness. They didn't
  look like leaves at all, but instead garbage.

In other words, perl's unicode support sucks mightily, and drives
us all to drink and bad storytelling. But we knew that..

So, srcdir is not normally flagged as unicode, because typically it's pure
ascii. And in that case, things work ok; File::Find finds filenames, which
are not yet decoded to unicode, and appends them to the srcdir, and then
decode_utf8 happily converts the whole thing.

But, if the srcdir does contain utf8 characters, that breaks. Or, if a Yaml
setup file is used, Yaml::Syck's implicitunicode sets the unicode flag of
*all* strings, even those containing only ascii. In either case, srcdir
has the unicode flag set; a non-decoded filename is appended, and
decode_utf8 sees the flag and does *nothing*. The result is that the
filename is not decoded, so looks valid and gets skipped.

File::Find only sticks the directory and filenames together in no_chdir
mode .. but we need that mode for security. In order to retain the
security, and avoid the problem, I made it not pass srcdir to File::Find.
Instead, chdir to the srcdir, and pass ".". Since "." is ascii, the problem
is avoided.

Note that it takes care to chdir back to the starting location. Because
the user may have specified relative paths and so staying in the srcdir
might break. A relative path could even be specifed for an underlay dir, so
it chdirs back after each.
2010-06-15 16:40:37 -04:00
Joey Hess d541cc854a calendar: Tune archive_pagespec to only match pages, not other files. 2010-06-15 13:38:19 -04:00
Joey Hess c0bc2d0839 editpage, comments: Fix broken links in sidebar (due to forcebaseurl). (Thanks, privat) 2010-06-14 14:34:52 -04:00
Joey Hess 9f7a118ffc more symetric enable/disable
Removing a plugin from add_plugins is not always enough to disable it.
It may have been redundantly added there and also pulled in via goodstuff.
Always add didabled plugins to disable_plugins.
2010-06-13 10:25:17 -04:00
Joey Hess 17592a951b websetup: Allow enabling plugins listed in disable_plugins.
The bug here was that disabling a plugin included thru goodstuff, like
htmlscrubber, caused it to be added to disable_plugins, and those plugins
were never loaded, so could not be re-enabled. Fix by allowing them to be
force loaded when appropriate. (Also that allows disabled plugins to still
record their setup options when dumping a setup file.)
2010-06-13 10:21:19 -04:00
Joey Hess c65658eeb5 attachment: When inserting links, insert img directives for images, if that plugin is enabled. 2010-06-12 23:00:30 -04:00
Joey Hess 35a0715b9a avoid ugly warning if size="" is specified 2010-06-12 22:59:46 -04:00
Joey Hess dccd764871 edittemplate: Look for template pages under templates/ like everything else (still looks in old location for backwards compatability). 2010-06-12 22:43:34 -04:00
Joey Hess c225cdad25 edittemplate: Make silent mode not disable display when the template page does not exist, so it can be easily created. 2010-06-12 22:20:22 -04:00
Joey Hess 31fa7714e7 editpage: Rename "comments" field to avoid CSS conflict with the comments div. 2010-06-12 18:10:33 -04:00
Joey Hess d7cfcef54a img: Support hspace and vspace attributes. 2010-06-12 16:43:24 -04:00
Joey Hess 9923f5db65 attachment: Show files from underlay in attachments list.
While those files cannot be removed or renamed, this allows easy
downloading of them, and a new version can after all be uploaded.
2010-06-12 14:29:56 -04:00
Joey Hess d5181a1977 realm is an url pattern 2010-06-11 14:14:20 -04:00
Joey Hess 475b4199e1 openid: Add openid_realm and openid_cgiurl configuration options, useful in a few edge case setups. 2010-06-11 13:53:56 -04:00
Joey Hess 04ff998c51 calendar styling
* calendar: Shorten day names, and improve styling of month calendar.
* style.css: Reduced sidebar width back to 20ex from 30; the month calendar
  will now fit in the smaller width, and 30 was feeling too large.
2010-06-10 15:07:28 -04:00
Joey Hess 1bdf98a4a0 let's allow comments of "0" 2010-06-09 17:47:49 -04:00
Joey Hess 24b59b3a9e editpage: Avoid storing accidental state changes when previewing pages.
This is a slow, safe, stupid approach. Could make deep copies of the data
structures as backups instead of re-loading the index from disk.
2010-06-09 17:44:40 -04:00
Joey Hess b2327cfae4 improve preview mode comments 2010-06-09 17:43:20 -04:00
Joey Hess e93cee3378 Fix display of sidebar when previewing page edit. (Thanks, privat)
On second thought, only display a page's personal sidebar when previewing
it, not when editing normally.
2010-06-09 16:59:17 -04:00
Joey Hess 95b45864de relativedate: Fix problem with localised dates not working. 2010-06-09 16:16:48 -04:00
Joey Hess e96cf38ecc When editing a page, show that page's sidebar. (Thanks, privat) 2010-06-09 16:00:12 -04:00
Joey Hess 0ccf21daaf img: Fill in missing height or width when scaling image. 2010-06-08 21:13:46 -04:00
Joey Hess 3d769f7849 fix uninitalized value warning 2010-05-21 18:03:21 -04:00
Joey Hess 6472302b8d disable warnings when evaling setup files
In particular, perl warns if a qw{} contains a #, but openids can.

If the setup file has 'use warnings', it will turn warning messages back
on, so it seems reasonable to squelch them by default.
2010-05-21 13:39:07 -04:00
Joey Hess 14de1d87ef Fix a typo in the last release. 2010-05-18 14:16:58 -04:00
Joey Hess baaa176b9b simplify example
I've seen user(http://*) confuse someone who didn't know pagespecs to think
that just http://* would moderate all comments to every page, or something
like that.
2010-05-18 13:36:51 -04:00
Joey Hess 7aa209f1ce Fix a bug that prevented matching deleted comments, and so did not update pages that had contained them.
Problem is that by the time rendering calls render_dependent, %pagesources
has had deleted files removed from it. So match_comment's lookup of
files in there to see if they had the _comment extension failed.

I had to introduce a hash that temporarily holds filenames of deleted pages
to fix this.

Note that unlike comment(), internal() had avoided this pitfall by being
defined to match both internal and non-internal pages.
2010-05-18 13:32:28 -04:00
Joey Hess facc77e109 force scalar context 2010-05-17 17:06:13 -04:00
Joey Hess 8e77dc1c9c fix typo 2010-05-15 23:54:00 -04:00
Joey Hess ff67a31db5 Revert "avoid showing comment post stuff on dynamic pages"
This reverts commit 4a6d5330e5.

That was too ugly, the DYNAMIC test on page.tmpl will avoid the problem
anyway -- just needs to be added.
2010-05-15 22:38:59 -04:00
Joey Hess 4a6d5330e5 avoid showing comment post stuff on dynamic pages
If the site is configured to allow comments on *, then the comment post
interface was being added to cgi pages like signin and prefs. This fixes it
w/o requiring more page.tmpl changes. The pagetemplate hook is called by
misctemplate with an empty page name for dynamic pages.
2010-05-15 22:28:07 -04:00
Joey Hess c8b34aa31c allow misctemplate callers to pass params to suppress actions etc
Suppress disiplay of small search for on search results page, and of
Prefrences link on prefs page.
2010-05-14 21:45:54 -04:00
Joey Hess 4c6fa6413f avoid showing redundant search box on search results page 2010-05-14 21:42:48 -04:00
Joey Hess f69c072d8a better misctemplate splitting sequence 2010-05-14 21:40:30 -04:00
Joey Hess 3dd98a3b3f put back recentchangesurl
On second thought, misctemplate can use pagetemplate hooks to provide
it, so it's better to keep back-compat, and allow full customisation
of how it's displayed via the template.
2010-05-14 20:38:08 -04:00
Joey Hess d80a649073 bugfix 2010-05-14 20:29:16 -04:00
Joey Hess bbe971881a refactor template actions 2010-05-14 20:20:41 -04:00
Joey Hess 377e82b16c we want the recentchanges link to be the first floating action 2010-05-14 20:10:18 -04:00
Joey Hess 5a4c95cc35 enable action bar on misctemplates
So RecentChanges shows on the action bar there,
convert recentchanges to use new pageactions hook,
with compatability code to avoid breaking old templates.
2010-05-14 20:04:02 -04:00
Joey Hess 8ff761afa2 remove, rename: Add guards against XSRF attacks. 2010-05-14 14:21:45 -04:00
Joey Hess 031da9c134 po: guard against reimportation
If po is imported twice, bad things happen. Guard against that.

I'm not sure what causes the double import; I saw it when websetup did a
wiki rebuild. Carp failed to show a backtrace for the second call to
import.
2010-05-13 16:28:09 -04:00
Joey Hess bc0aa4d40e Use xhtml friendly pubdate setting. 2010-05-08 19:45:02 -04:00
Joey Hess c3e9215e1f moved non-openid signin form into same page as openid selector; show/hide as buttons are pressed 2010-05-08 15:57:39 -04:00
Joey Hess d0c17a4a46 calendar: Display year name in title of month calendar.
Also, fix relative month calculations.
2010-05-08 13:51:05 -04:00
Joey Hess fd817f9ac3 calendar: nextchange calculation bugfix
If a page had multiple calendars, the last one won and set nextchange.
That's wrong; the calendar that needs to next update soonest should win.
2010-05-08 12:52:19 -04:00
Joey Hess 0f778849c6 calendar: Allow negative month to be specified. -1 is last month, etc. (And also negaitve years.) 2010-05-08 12:45:21 -04:00
Joey Hess 937b24e0cf Merge branch 'master' into commentreorg 2010-05-07 22:30:42 -04:00
Joey Hess b8dcaf91d0 scale display form to match openid size 2010-05-07 21:48:50 -04:00
Joey Hess 8f6cfbfade Removed the openidsignup option. 2010-05-07 21:33:27 -04:00
Joey Hess 1e75389a85 bugfix
Always load IkiWiki::CGI so its cgi_signin is present, so we replace it.
2010-05-07 21:28:59 -04:00
Joey Hess dc0d48459c bugfix 2010-05-07 21:27:02 -04:00
Joey Hess c1e365abdc remove loginlabel, not used 2010-05-07 21:20:21 -04:00
Joey Hess f8c2a67b3c pretty openid login
* openid: Incorporated a fancy openid-selector signin form.
  (http://code.google.com/p/openid-selector/)
* openid: Use "openid_identifier" as the form field, as required
  by OpenID Authentication v2.0 spec.
2010-05-07 20:14:25 -04:00
Joey Hess 378c647768 patch hidden field setting code
Fixes http://code.google.com/p/openid-selector/issues/detail?id=11#c3
2010-05-07 19:10:50 -04:00
Joey Hess 2ee820dedd avoid linking directly to ikiwiki.cgi?do=signin
Instead, add a custom do=commentsignin, that calls cgi_signin.

This allows a plugin to inject a custom cgi_signin, that uses a different
do= parameter, and have it be used consitently. (This was the only
place to hardcode a link to do=signin.)
2010-05-07 17:11:23 -04:00
Joey Hess b50b549cab fix comment matching pagespecs
test isinternal first, because match_glob with internal => 1 also returns
non-internal pages that match. This order should also be faster.

Remove test to see if pagesources is set. isinternal will not succeed if it
is not.
2010-05-07 14:02:30 -04:00
Joey Hess fe8f4a7781 better wording 2010-05-07 13:55:08 -04:00
Joey Hess 2dfdadf10c bugfix 2010-05-07 13:47:29 -04:00
Joey Hess 8d3c89f0c7 bugfixes 2010-05-07 13:44:24 -04:00
Joey Hess be0c2df6db check that pagesources exists before testing 2010-05-07 13:28:14 -04:00
Joey Hess 8cd216d748 fix match_comment 2010-05-07 12:55:34 -04:00
Joey Hess 5e6ed10583 nasty update to ugly hack to allow comment() pagespecs to work 2010-05-07 12:43:51 -04:00
Joey Hess 3adb47ec4f Merge branch 'master' into commentreorg
Conflicts:
	debian/changelog
2010-05-07 12:42:38 -04:00
Joey Hess 915d9281db call delete hook even if only internal pages are deleted 2010-05-07 00:26:59 -04:00