fr33domlover
e4f807e857
Typos...
2014-10-23 07:16:26 -04:00
fr33domlover
71b347e842
2014-10-23 07:15:55 -04:00
fr33domlover
bdec9d5e5f
2014-10-23 07:15:27 -04:00
fr33domlover
3bccedd492
wishlist: ask about using ikiwiki as ML
2014-10-23 07:14:16 -04:00
fr33domlover
62cd653a3a
wishlist
2014-10-23 07:13:19 -04:00
smcv
ac4c0271e8
Added a comment
2014-10-23 04:06:51 -04:00
smcv
7bccc272f9
Added a comment
2014-10-23 03:57:40 -04:00
openmedi
fc5cf77d3f
Added a comment
2014-10-22 18:01:43 -04:00
fr33domlover
408bf555fc
Added a comment
2014-10-22 12:46:02 -04:00
fr33domlover
67d1960676
New wishlist item - put /tags page in the basewiki?
2014-10-22 11:20:00 +03:00
openmedi
1ba0317241
2014-10-20 21:11:53 -04:00
openmedi
1bbdc76f9a
2014-10-20 21:00:30 -04:00
http://anastigmatix.net/
34e7fe13e4
Hadn't listed any drawbacks for the FastCGI Authorizer idea.
2014-10-20 19:58:54 -04:00
http://anastigmatix.net/
8d7ad8c345
Review request for: Let plugins influence what environment variables a wrapper will preserve
2014-10-20 19:07:13 -04:00
http://anastigmatix.net/
34373e0df9
Fix dangling link to branch I deleted after merge. Link instead to merged commits in ikiwiki repo.
2014-10-20 18:39:55 -04:00
Amitai Schlair
2e9992568f
Add ikiwiki-comment to shebang_scripts.
2014-10-20 14:20:41 -04:00
Joey Hess
d858ce3e93
Add missing build-depends on libcgi-formbuilder-perl, needed for t/relativity.t
2014-10-20 12:28:54 -04:00
Joey Hess
82a4fb49ae
add ikiwiki-comment program
2014-10-20 12:08:07 -04:00
http://anastigmatix.net/
13331e8243
bit on how inlinability isn't only bad
2014-10-19 17:48:47 -04:00
http://anastigmatix.net/
f49d15649f
Add link to the proposed wrapper generation patch
2014-10-19 17:37:46 -04:00
http://anastigmatix.net/
9a4fab05e0
initial description of signinview plugin
2014-10-19 17:07:15 -04:00
http://anastigmatix.net/
18f41b73da
more on caching behavior
2014-10-19 14:40:02 -04:00
http://anastigmatix.net/
bc509a3119
make formatting more consistent
2014-10-19 14:17:03 -04:00
http://anastigmatix.net/
623b428efe
discuss zoned-ikiwiki implementation approaches, including signinview plugin
2014-10-19 14:12:11 -04:00
http://anastigmatix.net/
c4493533b6
it helps to distinguish some use cases
2014-10-19 13:32:52 -04:00
Amitai Schlair
60188d7280
also search
2014-10-19 13:13:07 -04:00
http://anastigmatix.net/
fea2ec0926
start fleshing out "things that make zoned ikiwiki hard"
2014-10-19 13:09:33 -04:00
Amitai Schlair
f9fe7fd254
sign previous
2014-10-19 13:08:13 -04:00
Amitai Schlair
9f04f8ccc5
Match word boundary (think "/usr/bin/perl5.18").
2014-10-19 13:07:34 -04:00
https://www.google.com/accounts/o8/id?id=AItOawlGzzISNi9sKsbbqyRjCZEecyypgaFV56U
f47af2b8c4
2014-10-19 12:04:48 -04:00
https://www.google.com/accounts/o8/id?id=AItOawlGzzISNi9sKsbbqyRjCZEecyypgaFV56U
1cfaacbfb5
[patch], patch
2014-10-19 12:04:02 -04:00
openmedi
b9558ad3aa
Added a comment
2014-10-17 13:23:13 -04:00
Amitai Schlair
305c91ccfb
Remove space from perl shebang path.
2014-10-17 09:05:00 -04:00
Amitai Schlair
7a2446f798
Disambiguate myself a bit (like that's needed).
2014-10-16 21:51:18 -04:00
Simon McVittie
d9b1e10d72
reformat
2014-10-17 01:07:50 +01:00
Simon McVittie
04f9ce457f
news
2014-10-17 01:01:53 +01:00
Simon McVittie
d922b1897c
Merge remote-tracking branch 'refs/remotes/dgit/dgit/sid'
2014-10-17 00:02:33 +01:00
Simon McVittie
a89dbd9892
release
2014-10-16 23:28:35 +01:00
Simon McVittie
44e05edaf4
debian: fix some wrong paths in the copyright file
2014-10-16 23:28:23 +01:00
Simon McVittie
0e783e915b
debian: rename debian/link to debian/links so the intended symlinks appear
2014-10-16 23:04:11 +01:00
Simon McVittie
37296bcb5a
close a bug
2014-10-16 23:03:48 +01:00
Simon McVittie
0c73a825d1
Drop unused python-support dependency
2014-10-16 22:48:09 +01:00
Simon McVittie
3429e81596
changelog so far
2014-10-16 22:44:29 +01:00
Simon McVittie
e1deb28e08
build-depend on libcgi-pm-perl too, for tests
2014-10-16 22:40:52 +01:00
Simon McVittie
edbc54ec6e
Explicitly depend on CGI.pm, which is no longer in Perl core
...
I was going to depend on the version that has CGI->param_fetch,
but that has been supported since 2.37, which is older than oldstable.
2014-10-16 22:24:48 +01:00
Amitai Schlair
09e7c1ad99
IkiWiki::Plugin::openid: as a precaution, do not call non-coderefs
...
We're running under "use strict" here, so if CGI->param's array-context
misbehaviour passes an extra non-ref parameter, it shouldn't be executed
anyway... but it's as well to be safe.
[commit message added by smcv]
2014-10-16 22:24:48 +01:00
Amitai Schlair
cfbcbda0ad
Call CGI->param_fetch instead of CGI->param in array context
...
CGI->param has the misfeature that it is context-sensitive, and in
particular can expand to more than one scalar in function calls.
This led to a security vulnerability in Bugzilla, and recent versions
of CGI.pm will warn when it is used in this way.
In the situations where we do want to cope with more than one parameter
of the same name, CGI->param_fetch (which always returns an
array-reference) makes the intention clearer.
[commit message added by smcv]
2014-10-16 22:24:47 +01:00
Simon McVittie
f4ec7b06d9
Make sure we do not pass multiple CGI parameters in function calls
...
When CGI->param is called in list context, such as in function
parameters, it expands to all the potentially multiple values
of the parameter: for instance, if we parse query string a=b&a=c&d=e
and call func($cgi->param('a')), that's equivalent to func('b', 'c').
Most of the functions we're calling do not expect that.
I do not believe this is an exploitable security vulnerability in
ikiwiki, but it was exploitable in Bugzilla.
2014-10-16 22:24:47 +01:00
https://www.google.com/accounts/o8/id?id=AItOawk8U772S3jDrZJCO0WA5WaDLjJv5mMl6Yw
d8943d8668
Added a comment: It was an Apache problem...
2014-10-16 10:57:26 -04:00
smcv
99bc12a3ab
branch
2014-10-16 08:11:52 -04:00