Commit Graph

991 Commits (d9a0af0dd2929f5881f9273e784769474557361e)

Author SHA1 Message Date
Joey Hess 880d098dab template change documentation 2008-05-06 14:33:03 -04:00
Joey Hess 64f9dfee32 typo 2008-05-05 20:44:18 -04:00
Joey Hess 1f88cad3a2 aggregate: Add support for web-based triggering of aggregation for people stuck on shared hosting without cron. (Sheesh.) Enabled via the `aggregate_webtrigger` configuration optiom. 2008-05-05 20:20:45 -04:00
Joey Hess 545054c356 releasing version 2.45 2008-05-05 15:17:44 -04:00
Joey Hess 3a9dfb8361 enhancesments for shared hosting
* Add a Bundle::Ikiwiki to the source for use with CPAN to install *all*
  the modules ikiwiki can use.
* Add a cpan directory containing a CPAN::MyConfig that can ease use of
  CPAN to install in a home directory on shared hosting providers.
* With these changes, it's pretty easy to install onto nearlyfreespeech.net
  and probably other shared hosting providers like dreamhost. Added
  a tip page documentng the process for nearlyfreespeech.
2008-05-05 14:51:26 -04:00
Joey Hess f06267fc3b git: Put -- before the filename when calling git rev-list to avoid warning message when the file doesn't exist. 2008-05-02 13:03:42 -04:00
Joey Hess b2dea99417 Fix ugly display when editing a page that has vanished.
srcfile now has an optional second parameter to avoid it throwing an error
if the source file does not exist.
2008-05-02 13:02:07 -04:00
Joey Hess 6f852e88e3 anonk: Add anonok_pagespec configuration setting that can be used to allow anonymous users to edit only matching pages. Closes: #478892 2008-05-01 14:58:23 -04:00
Joey Hess bb51e81762 img: Support a title attribute, will be passed through to html. Closes: #478718 2008-04-30 12:58:36 -04:00
Joey Hess 788f83c97d Add missing de.po. Closes: #471540 2008-04-29 16:28:07 -04:00
Joey Hess dbb5d11196 Deal with different paths to perl when removing -T flag. 2008-04-28 15:37:17 -04:00
Joey Hess 9f02ee8634 Add PREFIX/bin to the hardcoded PATH within ikiwiki. 2008-04-28 13:44:37 -04:00
Joey Hess 9652cdfe2e toc: Add the table of contents at sanitize time, rather than at format time. This allows the toc to be displayed when previewing an edit. It also avoids headers in the page template from showing up in the toc. 2008-04-26 15:13:01 -04:00
Joey Hess 7d7f85bbb5 Correct a bug in pagespec matching, where a empty pagespec matched all pages.
This manifested as wikis with no locked pages treating them all as locked.
The bug was introduced in version 2.41.

Medium urgency upload due to above fix.
2008-04-24 13:49:15 -04:00
Joey Hess a46261fec2 Allow libtext-markdown-perl to satisfy dependencies, as a an alternative to the markdown package. 2008-04-21 15:14:39 -04:00
Joey Hess 3912a9f5e9 add CVE link 2008-04-20 15:25:51 -04:00
Joey Hess f1228946bd Bring back the svnrepo setup file option. This is needed for recentchangediff to work with svn repos. 2008-04-17 14:37:55 -04:00
Joey Hess 18cb252e74 releasing version 2.43 2008-04-16 18:44:58 -04:00
Joey Hess 14b59caba3 Recommend a recent git-core for git init. Closes: 475609 2008-04-11 20:06:23 -04:00
Joey Hess 2beb279806 Give the full path to the hyperestraier helpfile in estseek.conf. 2008-04-10 17:50:43 -04:00
Joey Hess b698bf2408 Use bzr --quiet to avoid it outputting stuff and messing up http headers. (Scott Bronson) 2008-04-10 17:44:40 -04:00
Joey Hess e4395a567b Fix broken rcs_update for bzr. (Scott Bronson) 2008-04-10 17:41:43 -04:00
Joey Hess e1d456a86f Fix missing import of escapeHTML in userlink. (Scott Bronson) 2008-04-10 17:39:51 -04:00
Joey Hess 7f51c69491 releasing version 2.42 2008-04-10 17:24:08 -04:00
Joey Hess 72b5ef2c5f Fix CSRF attacks against the preferences and edit forms. Closes: #475445
The fix involved embedding the session id in the forms, and not allowing the
forms to be submitted if the embedded id does not match the session id.

In the case of the preferences form, if the session id is not embedded,
then the CGI parameters are cleared. This avoids a secondary attack where the
link to the preferences form prefills password or other fields, and
the user hits "submit" without noticing these prefilled values.

In the case of the editpage form, the anonok plugin can allow anyone to edit,
and so I chose not to guard against CSRF attacks against users who are not
logged in. Otherwise, it also embeds the session id and checks it.

For page editing, I assume that the user will notice if content or commit
message is changed because of CGI parameters, and won't blndly hit save page.
So I didn't block those CGI paramters. (It's even possible to use those CGI
parameters, for good, not for evil, I guess..)

The only other CSRF attack I can think of in ikiwiki involves the poll plugin.
It's certianly possible to set up a link that causes the user to unknowingly
vote in a poll. However, the poll plugin is not intended to be used for things
that people would want to attack, since anyone can after all edit the poll page
and fill in any values they like. So this "attack" is ignorable.
2008-04-10 16:35:30 -04:00
Joey Hess 04e7467807 need to handle urls to images the same
Also, simplified finding the url to the top of the site.
2008-04-03 16:37:05 -04:00
Joey Hess de8c34df59 aggregate: Correct a mistake in the code that dummy up a guid for feeds lacking one. 2008-04-03 02:36:01 -04:00
Joey Hess 5b8f2742f3 releasing version 2.41 2008-03-29 21:17:15 -04:00
Joey Hess f6bd81db15 Added a hardlink option in the setup file, useful if the source and dest are on the same filesystem and the wiki includes large media files, which would normally be copied, wasting time and space. 2008-03-29 21:02:47 -04:00
Joey Hess d2911a20a6 inline: Allow the "feedshow" parameter to take values greater than the value for "show". 2008-03-23 17:39:03 -04:00
Joey Hess 479f75abf4 defer po and pot file updating until package build time
This allows make to be run without polluting the tree with lots of po file
changes.
2008-03-21 16:32:23 -04:00
Joey Hess ca8852b434 external: Work around XML RPC's lack of support for null by passing a special sentinal value. 2008-03-21 15:12:15 -04:00
Joey Hess 213eb2e408 Changed to a binary index file, written using Storable, for speed
During refresh of a wiki with 800 files, loadindex was using more total
time than any other function, and saveindex was also in the top ten.
Rewriting them to use Storable makes them three times as fast.

0.7 seconds is saved on my laptop in profiling mode.
2008-03-21 09:07:44 -04:00
Joey Hess bf7360347e Precompile pagespecs, about 10% overall speedup
About 12% of ikiwiki runtime was spent in pagespec_match. It was evaling
the same pagespec code over and over again. This changes pagespec_translate
to return memoized, precompiled functions that can be called to match against
a given pagespec.

This also allows getting rid of the weird variable scoping trick that had
to be in effect for pagespec_translate to be called -- the variables are
now just fed into the function it returns.

On my laptop, this drops build time for the docwiki from about 60 to 50
seconds.
2008-03-21 06:36:07 -04:00
Joey Hess f937c1fb80 crazy optimisation to work around slow markdown
Markdown is slow. Especially if it has to process an enormous page. The
most common enormous page is currently the recentchanges page, which gets
processed a lot, and contains very little actual markdown. Most of it is a
big <div>, which markdown skips ... slowly.

This is a rather sick optimisation to work around markdown's speed issues.
Now inline inserts a small, dummy div, allows markdown to quickly render
the actual page content, then replaces the dummy with the actual inlined
pages later.

Results: Rendering just a recentchanges page, with diffs included, dropped
from 4.5 seconds to 2.7 seconds on my laptop. Building the entire wiki
dropped from 46.6 seconds to 39.5 seconds.

(It would be better if inline were a *post*-processor directive.)
2008-03-21 04:48:26 -04:00
Joey Hess be4e3ad587 typo 2008-03-21 02:43:56 -04:00
Joey Hess 44824dba1b smiley: Detect smileys inside pre and tags, and do not expand. 2008-03-21 02:43:20 -04:00
Joey Hess 628467125c Close meta tag for redir properly. 2008-03-21 00:24:06 -04:00
Joey Hess c92e9b34ec Store userinfo in network byte order for easy portability. (Old files will be automatically converted.) 2008-03-19 22:46:51 -04:00
Joey Hess 127d97066b Time::Duration is no longer used, remove from docs and recommends. 2008-03-19 21:59:40 -04:00
Joey Hess 556ec23914 German translation update. Closes: #471540 2008-03-18 16:36:19 -04:00
Joey Hess 52e16d4ec9 * Record new pages in %pagesources temporarily when previewing so that
things that need to know the page source or type can query it from there.
  Fixes previewing of tables when creating a new page.
2008-03-17 21:28:31 -04:00
Joey Hess 4690a450eb update 2008-03-17 17:17:53 -04:00
Joey Hess 8a29361c32 * Detect invalid pagespecs and do not merge them in add_depends,
as that can result in a broken merged pagespec that matches nothing.
2008-03-17 14:04:59 -04:00
Joey Hess 52d9f8e9f3 * Correct bug in encoding of %pagestate keys, fixes edittemplate. 2008-03-17 13:08:16 -04:00
Joey Hess ba480baa9e * external: Add getargv and setargv methods to allow access to ikiwiki's
@ARGV.
2008-03-15 14:19:49 -04:00
Joey Hess 5a7a89ffc5 * htmltidy: Pass --markup yes, in case tidy's config file disabled it. 2008-03-15 13:58:08 -04:00
Joey Hess e7ce86db11 * external: Fix support of XML::RPC::fault. 2008-03-15 13:49:22 -04:00
Joey Hess 618a317f57 update 2008-03-15 13:22:29 -04:00
Joey Hess 75cddc22d3 update 2008-03-15 13:20:52 -04:00
Joey Hess 8484b3d5e6 * French translation update. Closes: #471010 2008-03-15 12:35:42 -04:00
Joey Hess 7b6686ce70 * Fix expiry of old recentchanges changeset pages. 2008-03-14 18:55:17 -04:00
Joey Hess 99c65a4c0e * Use absolute url for feedurl when filling out the feed templates.
Closes: #470530
2008-03-12 18:49:41 -04:00
Joey Hess f7bdc2385d * Use forcebaseurl to make page previews be displayed with the html base
set to the destination page. This avoids need for hacks to munge the urls
  in preview mode, which fixes several bugs.
* Several destpage fixes in plugins.
2008-03-12 14:21:48 -04:00
Joey Hess 5cc97e1df4 changelog 2008-03-12 10:47:17 -04:00
Joey Hess 2fa9da9f16 * monotone: Require version 0.38 or greater, and stop using the mtnmergerc
option. (Brian May)
2008-03-12 10:46:04 -04:00
Joey Hess c2dd8de9a8 update 2008-03-11 15:54:09 -04:00
Joey Hess 816d124a64 add changelog messages 2008-03-11 15:52:47 -04:00
Joey Hess fc4c1b7ec8 * Remove locking code in git rcs_commit. I'm not sure if this was ever
correct, and it's certianly not correct now, since the wiki is locked
  before rcs_commit is ever called, and should not be unlocked by
  rcs_commit either.
2008-03-07 12:25:40 -05:00
Joey Hess eff0e7aa8a * Fix example exclude regexp. Closes: #469691 2008-03-06 12:09:10 -05:00
Joey Hess 4401e5b9ed * Updated Spanish translation from Victor Moral. 2008-03-06 12:04:24 -05:00
Joey Hess eec482aa65 test for Text::Markdown::[Mm]arkdown and use the available one
Markdown is such a splintered mess.. The current debian package provides
only Text::Markdown::Markdown, while all versions of Text::Markdown support
Text::Markdown::markdown, and old versions also support the capitalised version,
while new ones don't.

It's getting to the point where `grep /markdown/i %symbol_table` is the only
sane way to figure out what function to call..
2008-03-04 20:29:52 -05:00
Joey Hess 0217eebf49 * Use Text::Markdown::markdown, since version 1.0.16 of Text::Markdown
no longer supports Text::Markdown::Markdown. All old versions of
  Text::Markdown also support the lower-case version.
2008-03-04 20:17:55 -05:00
Joey Hess d93aaed791 * Add recentchangesdiff plugin that adds diffs to the recentchanges feeds.
* rcs_diff is a new function that rcs modules should implement.
* Implemented rcs_diff for git, svn, and tla (tla version untested).
  Mercurial and monotone still todo.
2008-03-03 15:53:34 -05:00
martin f. krafft c10cfb27d1 Add robots tag to meta plugin
Add special handling for <meta name="robots" ...> which needs not be
scrubbed as it's harmless.

Signed-off-by: martin f. krafft <madduck@madduck.net>
(cherry picked from commit b15d0299a7f7b147e89d8a202d6cca1c21491af2)
2008-03-02 18:04:09 -05:00
Adeodato Simó a8f08ab8e1 Make directives generated by shortcuts accept a `desc` parameter.
(cherry picked from commit 252da396bfa728b99af7c9bb304a7b5f3f6d94e6)
2008-03-02 18:04:09 -05:00
Joey Hess c7b376377f releasing version 2.40 2008-02-29 23:23:16 -05:00
Joey Hess 95b77d9c4d add changelog entry 2008-02-29 22:54:19 -05:00
Joey Hess af20ee2b76 * ikiwiki-makerepo: Don't fail if the third argument ends in a slash. 2008-02-24 17:56:39 -05:00
Joey Hess 4eabb3cb7a * inline: When forcing urls absolute for rss feeds, skip mailto and other
such urls.
2008-02-24 17:07:56 -05:00
Joey Hess bd55d276b3 Fix links generated by preprocessor directives when previewing.
As was already done for linkfication, links generated in a prevew page
are relative to the top of the wiki, so it has to be told that the destpage
is there.

I was using "" to indicate this, but that may confuse some preprocessor
plugins, which treat parameters with an empry value specially (sparkline is one
such). Instead, use "/", which is more accurate anyway and works just as well.
2008-02-24 16:37:11 -05:00
Joey Hess d14bde197e * Disable taint checking for all builds as people keep complaining about it,
and since all versions of perl seem to be hopelessly broken.
2008-02-24 15:42:43 -05:00
Joey Hess f7303db5a1 * Fix another preview will_render bug. This one involved inline,
which forced a scan of the page to make available metadata that
  appeared after the inline directive. Problem is that scan made it forget
  about any other files rendered due to the page. The scan also turns out
  to be unnecessary now, since meta persistently stores state and it's
  always available. So it was just removed.
2008-02-24 15:36:25 -05:00
Joey Hess 5f1a97d954 retroactively add bug closure and CVE ids 2008-02-20 16:46:31 -05:00
Joey Hess a59af82bb8 * tla: Remove call to escapeHTML when constructing recentchanges message;
the html is escaped at a different level. Closes: #466495
* bzr, mercurial: Remove unused import of escapeHTML.
2008-02-20 16:45:02 -05:00
Joey Hess 1c06aed378 * monotone: Add code to default mergerc file to run
_MTN/ikiwiki-netsync-hook when a commit is merged in from the net.
2008-02-14 16:10:33 -05:00
Joey Hess 553136ec1f * Preview limits the page dropdown to what's selected previously
(as preserving the full list across preview would be tricky). Userdirs
  were still being offered as an option there, remove them.
* Fix a bug where user A created a page concurrently with user B, and
  when B previewed it would redirect B to A's new page, losing B's work.
  Instead, don't redirect and let conflict handling resolve it.
2008-02-14 15:42:14 -05:00
Joey Hess 8be2b60aac * The search plugin needs to override <base> to point to the directory
containing ikiwiki.cgi, but this should not change the urls to the style
  sheets etc. Add a new forcebareurl parameter to misctemplate to allow
  it to do that.
2008-02-14 15:20:49 -05:00
Joey Hess 4eabe04ced * Depend on HTML::Scrubber, since the scrubber is enabled by default and
dies if its can't be loaded.
2008-02-13 13:17:07 -05:00
Joey Hess 49adc59474 * Setting NOTAINT=1 had no effect when building ikiwiki itself, fix this. 2008-02-12 17:17:49 -05:00
Joey Hess 491c62f5b0 fix name of plugin in changelog 2008-02-11 23:05:18 -05:00
Joey Hess 1de1fb15a0 * camelcase: Convert to use new linkify and scan hooks rather than the old
hack.
2008-02-11 23:04:19 -05:00
Joey Hess 4763514861 * Add the linkify and scan hooks. These hooks can be used to implement
custom, first-class types of wikilinks.
* Move standard wikilink implementation to a new wikilink plugin, which
  will of course be enabled by default.
2008-02-11 22:48:27 -05:00
Josh Triplett 5163646e26 Remove trailing whitespace from README.Debian 2008-02-10 22:55:48 -08:00
Josh Triplett 2294200e70 Remove trailing whitespace 2008-02-10 22:54:56 -08:00
Joey Hess 4aab5f0a73 * Generate XML RPC messages with the encoding set to utf-8 instead
of XML::RPC's default of us-ascii. Allows interoperation with
  python's xmlrpc library, which threw invalid encoding exceptions and
  caused the rst plugin to hang.
2008-02-11 00:11:49 -05:00
Joey Hess 1510725aef * Danish translation update from Jonas Smedegaard. Closes: #465152 2008-02-10 19:05:33 -05:00
Joey Hess 78c7f4dc71 attribution 2008-02-10 18:46:53 -05:00
Josh Triplett 728dfd9595 Allow the smb: URI scheme. 2008-02-10 15:08:56 -08:00
Josh Triplett 502cd00ec7 Allow the snews: URI scheme. 2008-02-10 15:05:11 -08:00
Josh Triplett ec9d3ab549 Do not allow the steam: URI scheme. 2008-02-10 14:59:08 -08:00
Josh Triplett 3cda22a27f Match literal '.' in URI schemas containing '.', rather than matching any character 2008-02-10 14:50:30 -08:00
Joey Hess bbcf878f75 * meta: Check that the urls provided for authorurl, permalink, and openid
are safe and can't contain javascript.
2008-02-10 17:17:44 -05:00
Josh Triplett d20e24b636 Also filter the attributes cite, longdesc, and usemap, which can contain URIs 2008-02-10 13:59:37 -08:00
Josh Triplett 34115a34e0 Move about: fix to version 2.31.3 in the changelog 2008-02-10 13:36:52 -08:00
Josh Triplett a7be7bdf56 Do not allow the about: URI scheme
Some browsers interpret about: URIs like a limited version of data:
URIs.  In particular, some versions of Internet Explorer interpret
arbitrary HTML content in about: URIs.
2008-02-10 13:23:28 -08:00
Joey Hess 6aa25f2757 update 2008-02-10 15:38:57 -05:00
Joey Hess 852994d950 changelog munging 2008-02-10 14:17:27 -05:00
Joey Hess d7e0c035e5 * htmlscrubber security fix: Block javascript in uris.
* Add htmlscrubber test suite.
2008-02-10 13:16:40 -05:00
Joey Hess c041e97c29 fix versions 2008-02-10 02:13:09 -05:00