18765 Commits (e4f807e857d4a7aa2fbb3491af42ab6f4a061f58)

Author SHA1 Message Date
fr33domlover e4f807e857 Typos... 2014-10-23 07:16:26 -04:00
fr33domlover 71b347e842 2014-10-23 07:15:55 -04:00
fr33domlover bdec9d5e5f 2014-10-23 07:15:27 -04:00
fr33domlover 3bccedd492 wishlist: ask about using ikiwiki as ML 2014-10-23 07:14:16 -04:00
fr33domlover 62cd653a3a wishlist 2014-10-23 07:13:19 -04:00
smcv ac4c0271e8 Added a comment 2014-10-23 04:06:51 -04:00
smcv 7bccc272f9 Added a comment 2014-10-23 03:57:40 -04:00
openmedi fc5cf77d3f Added a comment 2014-10-22 18:01:43 -04:00
fr33domlover 408bf555fc Added a comment 2014-10-22 12:46:02 -04:00
fr33domlover 67d1960676 New wishlist item - put /tags page in the basewiki? 2014-10-22 11:20:00 +03:00
openmedi 1ba0317241 2014-10-20 21:11:53 -04:00
openmedi 1bbdc76f9a 2014-10-20 21:00:30 -04:00
http://anastigmatix.net/ 34e7fe13e4 Hadn't listed any drawbacks for the FastCGI Authorizer idea. 2014-10-20 19:58:54 -04:00
http://anastigmatix.net/ 8d7ad8c345 Review request for: Let plugins influence what environment variables a wrapper will preserve 2014-10-20 19:07:13 -04:00
http://anastigmatix.net/ 34373e0df9 Fix dangling link to branch I deleted after merge. Link instead to merged commits in ikiwiki repo. 2014-10-20 18:39:55 -04:00
Amitai Schlair 2e9992568f Add ikiwiki-comment to shebang_scripts. 2014-10-20 14:20:41 -04:00
Joey Hess d858ce3e93 Add missing build-depends on libcgi-formbuilder-perl, needed for t/relativity.t 2014-10-20 12:28:54 -04:00
Joey Hess 82a4fb49ae add ikiwiki-comment program 2014-10-20 12:08:07 -04:00
http://anastigmatix.net/ 13331e8243 bit on how inlinability isn't only bad 2014-10-19 17:48:47 -04:00
http://anastigmatix.net/ f49d15649f Add link to the proposed wrapper generation patch 2014-10-19 17:37:46 -04:00
http://anastigmatix.net/ 9a4fab05e0 initial description of signinview plugin 2014-10-19 17:07:15 -04:00
http://anastigmatix.net/ 18f41b73da more on caching behavior 2014-10-19 14:40:02 -04:00
http://anastigmatix.net/ bc509a3119 make formatting more consistent 2014-10-19 14:17:03 -04:00
http://anastigmatix.net/ 623b428efe discuss zoned-ikiwiki implementation approaches, including signinview plugin 2014-10-19 14:12:11 -04:00
http://anastigmatix.net/ c4493533b6 it helps to distinguish some use cases 2014-10-19 13:32:52 -04:00
Amitai Schlair 60188d7280 also search 2014-10-19 13:13:07 -04:00
http://anastigmatix.net/ fea2ec0926 start fleshing out "things that make zoned ikiwiki hard" 2014-10-19 13:09:33 -04:00
Amitai Schlair f9fe7fd254 sign previous 2014-10-19 13:08:13 -04:00
Amitai Schlair 9f04f8ccc5 Match word boundary (think "/usr/bin/perl5.18"). 2014-10-19 13:07:34 -04:00
https://www.google.com/accounts/o8/id?id=AItOawlGzzISNi9sKsbbqyRjCZEecyypgaFV56U f47af2b8c4 2014-10-19 12:04:48 -04:00
https://www.google.com/accounts/o8/id?id=AItOawlGzzISNi9sKsbbqyRjCZEecyypgaFV56U 1cfaacbfb5 [patch], patch 2014-10-19 12:04:02 -04:00
openmedi b9558ad3aa Added a comment 2014-10-17 13:23:13 -04:00
Amitai Schlair 305c91ccfb Remove space from perl shebang path. 2014-10-17 09:05:00 -04:00
Amitai Schlair 7a2446f798 Disambiguate myself a bit (like that's needed). 2014-10-16 21:51:18 -04:00
Simon McVittie d9b1e10d72 reformat 2014-10-17 01:07:50 +01:00
Simon McVittie 04f9ce457f news 2014-10-17 01:01:53 +01:00
Simon McVittie d922b1897c Merge remote-tracking branch 'refs/remotes/dgit/dgit/sid' 2014-10-17 00:02:33 +01:00
Simon McVittie a89dbd9892 release 2014-10-16 23:28:35 +01:00
Simon McVittie 44e05edaf4 debian: fix some wrong paths in the copyright file 2014-10-16 23:28:23 +01:00
Simon McVittie 0e783e915b debian: rename debian/link to debian/links so the intended symlinks appear 2014-10-16 23:04:11 +01:00
Simon McVittie 37296bcb5a close a bug 2014-10-16 23:03:48 +01:00
Simon McVittie 0c73a825d1 Drop unused python-support dependency 2014-10-16 22:48:09 +01:00
Simon McVittie 3429e81596 changelog so far 2014-10-16 22:44:29 +01:00
Simon McVittie e1deb28e08 build-depend on libcgi-pm-perl too, for tests 2014-10-16 22:40:52 +01:00
Simon McVittie edbc54ec6e Explicitly depend on CGI.pm, which is no longer in Perl core
I was going to depend on the version that has CGI->param_fetch,
but that has been supported since 2.37, which is older than oldstable.
2014-10-16 22:24:48 +01:00
Amitai Schlair 09e7c1ad99 IkiWiki::Plugin::openid: as a precaution, do not call non-coderefs
We're running under "use strict" here, so if CGI->param's array-context
misbehaviour passes an extra non-ref parameter, it shouldn't be executed
anyway... but it's as well to be safe.

[commit message added by smcv]
2014-10-16 22:24:48 +01:00
Amitai Schlair cfbcbda0ad Call CGI->param_fetch instead of CGI->param in array context
CGI->param has the misfeature that it is context-sensitive, and in
particular can expand to more than one scalar in function calls.
This led to a security vulnerability in Bugzilla, and recent versions
of CGI.pm will warn when it is used in this way.

In the situations where we do want to cope with more than one parameter
of the same name, CGI->param_fetch (which always returns an
array-reference) makes the intention clearer.

[commit message added by smcv]
2014-10-16 22:24:47 +01:00
Simon McVittie f4ec7b06d9 Make sure we do not pass multiple CGI parameters in function calls
When CGI->param is called in list context, such as in function
parameters, it expands to all the potentially multiple values
of the parameter: for instance, if we parse query string a=b&a=c&d=e
and call func($cgi->param('a')), that's equivalent to func('b', 'c').
Most of the functions we're calling do not expect that.

I do not believe this is an exploitable security vulnerability in
ikiwiki, but it was exploitable in Bugzilla.
2014-10-16 22:24:47 +01:00
https://www.google.com/accounts/o8/id?id=AItOawk8U772S3jDrZJCO0WA5WaDLjJv5mMl6Yw d8943d8668 Added a comment: It was an Apache problem... 2014-10-16 10:57:26 -04:00
smcv 99bc12a3ab branch 2014-10-16 08:11:52 -04:00