Joey Hess
e15e3202eb
releasing version 2.14
2007-11-26 15:30:44 -05:00
joey
c8b4ba354f
* Fix a security hole that allowed insertion of unsafe content via the meta
...
plugins's support for inserting html link and meta tags. Now such content
is passed through the htmlscrubber like everything else.
* Unfortunatly, that means that some valid uses of those tags are no longer
usable, and special case methods needed to be added for including
stylesheets, and for doing openid delegation. If you use either of these
in your wiki, it will need to be modified. See the meta plugin docs
for details.
2007-03-21 18:52:56 +00:00
joey
1c65ca4922
* Fix a few bugs around page titles containing html. The worst of these
...
is an actual security hole as it allows insertion of html into the title
element of a page, which is not processed by the htmlscrubber.
2007-03-21 06:05:21 +00:00
joey
40f318f3e9
document recent security hole
2007-02-14 01:31:31 +00:00
joey
c54f2e20ac
web commit by JeremyReed: typo fix
2006-12-27 03:43:56 +00:00
joey
9d63be9af9
web commit by http://id.kurokatta.org/david : Copyedit.
2006-11-21 12:43:22 +00:00
joey
c49af80ab3
some notes about the security (or lack thereof) of plugins
2006-10-22 21:12:21 +00:00
joey
e16746a52f
* Add toc (table of contents) plugin.
2006-08-28 07:40:20 +00:00
joey
4a4c0b6268
update
2006-08-28 04:35:49 +00:00
joey
4ad7c9d625
* Patch from James Westby to add a --sslcookie switch, which forces
...
cookies to only be sent over ssl connections to avoid interception.
* Factor out the cgi header printing code into a new function.
* Fix preferences page on anonok wikis; still need to sign in to get
to the preferences page.
2006-08-27 20:25:05 +00:00
joey
9d7375c3b2
* Allow preprocessor directives to contain python-like triple-quoted
...
text blocks, for easy nesting of quotes inside.
* Add a template plugin.
* Use the template plugin to add infoboxes to each plugin page listing basic
info about the plugin.
2006-08-23 05:41:07 +00:00
joey
4d6f5e5a14
update
2006-08-18 06:22:38 +00:00
joey
2ea8fbe2d9
misc changes
2006-08-05 21:15:50 +00:00
joey
2c0b310cc2
releasing version 1.13
2006-08-02 01:31:39 +00:00
joey
8a5f9f6e00
security note
2006-07-30 06:08:56 +00:00
www-data
dc35513522
web commit by ThomasSchwinge: Typo fixes.
2006-07-02 16:50:13 +00:00
www-data
995dfd6cf4
web commit by joey
2006-07-02 02:22:22 +00:00
joey
0bb605baf8
* Parse svn log as xml for improved utf8 and security. Note that this makes
...
ikiwiki depend on XML::Simple. Patch by Faidon Liambotis.
2006-07-02 02:18:31 +00:00
joey
140658bc51
* More security review.
2006-06-01 20:44:12 +00:00
joey
477c11ad4d
typo
2006-05-26 16:23:48 +00:00
joey
6652de5e1a
* Removed --sanitize and --no-sanitize, replaced with --plugin htmlscrubber
...
and --disable-plugin htmlscrubber.
2006-05-05 05:41:11 +00:00
joey
54d5308cd8
* Added plugin system, currently only supporting for PreProcessorDirectives.
...
* Added a pagecount plugin, enabled by default.
* Support PreProcessorDirectives with no parameters, ie "[[pagecount ]]".
* Fixed/optimised backlinks code, to avoid rebuilding pages to update
backlinks when the backlinks hadn't really changed.
* Moved inline page support, rss generation etc into the inline plugin,
enabled by default.
* Added brokenlinks plugin, not enabled by default, but rather handy.
* Fix several broken links in the doc wiki.
2006-05-02 02:34:33 +00:00
www-data
788eebfc18
web commit by joey
2006-04-25 06:04:54 +00:00
www-data
699024fa15
web commit by joey
2006-04-25 06:04:20 +00:00
joey
2c64a9f6f1
security update
2006-04-25 06:02:38 +00:00
www-data
1a382e051f
web commit by joey
2006-04-25 03:33:26 +00:00
www-data
903db5e5d5
web commit by joey
2006-04-25 03:33:17 +00:00
www-data
dc558930f2
web commit by joey
2006-04-25 03:30:19 +00:00
joey
d7aecf6ddc
implemented html sanitisation
2006-04-25 03:18:21 +00:00
www-data
ec9e013f3c
web commit by joey
2006-04-25 00:39:19 +00:00
joey
698aeb2016
update
2006-04-24 23:05:17 +00:00
joey
1c8b757580
update
2006-04-24 23:03:40 +00:00
joey
efe91335c6
improve fix for symlink attacks to check subdirectories for symlinks too
...
before writing
2006-03-29 18:50:36 +00:00
joey
975ae0944c
Implemented --underlaydir, and moved files provided by underlay out of doc
...
so I don't need to maintain two copies anymore.
You might also want to remove the files provided in the basewiki underlay
from your wiki, if you have not created custom local versions of them, so
that these pages will be automatically updated in future ikiwiki upgrades.
2006-03-29 18:21:01 +00:00
joey
9092356173
added --getctime
2006-03-26 02:30:44 +00:00
joey
62f1f9732b
found & fixed another symlink attack
2006-03-23 04:33:35 +00:00
joey
325d5c791f
added adminuser settings, globlist support, and used this to implement page
...
locking
2006-03-23 01:40:46 +00:00
www-data
ae0475367c
web commit by joey
2006-03-19 22:01:43 +00:00
www-data
cc5248c5f6
web commit by joey
2006-03-19 22:00:58 +00:00
www-data
1d8e719e6a
web commit by joey
2006-03-19 22:00:23 +00:00
www-data
93f8af972b
web commit by joey
2006-03-19 20:49:26 +00:00
www-data
c0a2814124
web commit by joey
2006-03-16 21:09:41 +00:00
www-data
c868d08aeb
web commit by joey
2006-03-16 21:07:32 +00:00
www-data
18879c0a14
web commit by joey
2006-03-16 21:06:32 +00:00
www-data
0340c45ea1
web commit by joey
2006-03-15 06:10:26 +00:00
www-data
7f6610f249
web commit by joey
2006-03-15 06:02:57 +00:00
www-data
4c232a06de
web commit by joey
2006-03-15 05:56:48 +00:00
joey
0f35669dd6
foo
2006-03-13 19:31:05 +00:00
joey
0563a600e9
security improvements, switched to single session db file
2006-03-12 18:07:14 +00:00
joey
1311d67f0d
added signin form, although it needs to be hooked up to a user store
2006-03-12 02:22:29 +00:00
www-data
b35fee6c6d
web commit from 66.118.98.137:
2006-03-11 06:03:44 +00:00
www-data
fd69e837b6
web commit from 66.118.98.137:
2006-03-11 06:03:30 +00:00
www-data
dce2ce40e8
web commit from 66.118.98.137:
2006-03-11 06:02:51 +00:00
www-data
8440a771c1
web commit from 66.118.98.137:
2006-03-11 06:00:48 +00:00
joey
965afd875c
up
2006-03-11 05:41:25 +00:00
joey
57706b5d4a
foo
2006-03-11 05:08:25 +00:00
joey
deb4e4b0c2
update
2006-03-10 23:43:44 +00:00
joey
942d5896cd
added cgi support
2006-03-10 23:16:09 +00:00
joey
d5566303d6
foo
2006-03-10 09:16:07 +00:00
joey
9ab1c273f6
autowrapper
2006-03-10 09:02:09 +00:00
joey
a1997e1994
add
2006-03-10 02:10:44 +00:00