Commit Graph

4812 Commits (e62f3f8f951cca752eeebebba310dc51df392516)

Author SHA1 Message Date
Joey Hess 04d601f419 response 2008-04-10 17:53:24 -04:00
Joey Hess 2beb279806 Give the full path to the hyperestraier helpfile in estseek.conf. 2008-04-10 17:50:43 -04:00
Joey Hess b698bf2408 Use bzr --quiet to avoid it outputting stuff and messing up http headers. (Scott Bronson) 2008-04-10 17:44:40 -04:00
Joey Hess e4395a567b Fix broken rcs_update for bzr. (Scott Bronson) 2008-04-10 17:41:43 -04:00
Joey Hess e1d456a86f Fix missing import of escapeHTML in userlink. (Scott Bronson) 2008-04-10 17:39:51 -04:00
Joey Hess 15237c74fc response 2008-04-10 17:31:39 -04:00
Joey Hess a91f044044 add news item for ikiwiki 2.42 2008-04-10 17:24:24 -04:00
Joey Hess 7f51c69491 releasing version 2.42 2008-04-10 17:24:08 -04:00
Joey Hess d5c964508f Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info 2008-04-10 17:12:55 -04:00
Joey Hess ab0e0e807a perl dumping core is not an ikiwiki bug, sorry 2008-04-10 17:09:58 -04:00
Joey Hess 555f1d0512 web commit by http://joey.kitenet.net/: test 2008-04-10 16:46:23 -04:00
Joey Hess 243739e1c3 Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info 2008-04-10 16:35:50 -04:00
Joey Hess 72b5ef2c5f Fix CSRF attacks against the preferences and edit forms. Closes: #475445
The fix involved embedding the session id in the forms, and not allowing the
forms to be submitted if the embedded id does not match the session id.

In the case of the preferences form, if the session id is not embedded,
then the CGI parameters are cleared. This avoids a secondary attack where the
link to the preferences form prefills password or other fields, and
the user hits "submit" without noticing these prefilled values.

In the case of the editpage form, the anonok plugin can allow anyone to edit,
and so I chose not to guard against CSRF attacks against users who are not
logged in. Otherwise, it also embeds the session id and checks it.

For page editing, I assume that the user will notice if content or commit
message is changed because of CGI parameters, and won't blindly hit save page.
So I didn't block those CGI parameters. (It's even possible to use those CGI
parameters, for good, not for evil, I guess..)

The only other CSRF attack I can think of in ikiwiki involves the poll plugin.
It's certainly possible to set up a link that causes the user to unknowingly
vote in a poll. However, the poll plugin is not intended to be used for things
that people would want to attack, since anyone can after all edit the poll page
and fill in any values they like. So this "attack" is ignorable.
2008-04-10 16:35:30 -04:00
Joey Hess 609e74bbd8 fix what I think is a typo 2008-04-10 16:08:59 -04:00
Joey Hess c69c811d64 web commit by http://joey.kitenet.net/: oops :-) 2008-04-10 14:45:00 -04:00
Joey Hess ff363cf9a0 web commit by http://joey.kitenet.net/ 2008-04-10 14:43:58 -04:00
Joey Hess 5647448501 web commit by ScottSwalwell: Fixed my fix. 2008-04-10 13:01:27 -04:00
Joey Hess 7921d9456c web commit by ScottSwalwell: Fixed this link. 2008-04-10 13:00:36 -04:00
Joey Hess 04528ba259 web commit by cjb: Fixed URL 2008-04-10 01:06:21 -04:00
Joey Hess e8728aa894 web commit by cjb: Tagged 2008-04-10 00:09:07 -04:00
Joey Hess 675236d251 web commit by cjb: Suggested patch for 302 redirect after page creation when using bzr 2008-04-10 00:07:59 -04:00
Joey Hess 914a5645a5 web commit by http://sabr.myopenid.com/ 2008-04-09 22:34:44 -04:00
Joey Hess 61012a1e8d web commit by http://sabr.myopenid.com/ 2008-04-09 21:56:41 -04:00
Joey Hess beea66a711 web commit by http://sabr.myopenid.com/ 2008-04-09 21:55:32 -04:00
Joey Hess 50d653ad11 web commit by http://sabr.myopenid.com/ 2008-04-09 21:33:30 -04:00
Joey Hess eb42df0767 web commit by http://sabr.myopenid.com/ 2008-04-09 19:34:08 -04:00
Joey Hess cf7fb618f3 web commit by http://sabr.myopenid.com/ 2008-04-09 17:45:06 -04:00
Joey Hess 18de75c462 web commit by http://sabr.myopenid.com/ 2008-04-09 17:39:22 -04:00
Joey Hess c104351f51 web commit by http://sabr.myopenid.com/ 2008-04-09 17:37:22 -04:00
Joey Hess 0c353121f5 web commit by http://sabr.myopenid.com/ 2008-04-09 17:29:53 -04:00
Joey Hess 6e065626cd web commit by http://sabr.myopenid.com/ 2008-04-09 17:29:19 -04:00
Joey Hess bad216bf1f web commit by http://sabr.myopenid.com/: poll vote (Accept only OpenID for logins) 2008-04-09 16:58:29 -04:00
Joey Hess 623c1aa34f web commit by http://sabr.myopenid.com/ 2008-04-09 02:45:14 -04:00
Joey Hess 109abb1f2b web commit by http://sabr.myopenid.com/ 2008-04-09 02:43:19 -04:00
Joey Hess 1080635372 web commit by http://sabr.myopenid.com/ 2008-04-09 02:42:29 -04:00
Joey Hess 1ed60084d3 web commit by http://sabr.myopenid.com/ 2008-04-09 02:41:29 -04:00
Joey Hess 7822606010 web commit by http://sabr.myopenid.com/ 2008-04-09 02:36:12 -04:00
Joey Hess dd464e4ca8 web commit by ittayd 2008-04-08 15:37:11 -04:00
Joey Hess 9e6b7ba79a web commit by http://sabr.myopenid.com/ 2008-04-08 14:37:31 -04:00
Joey Hess 8ea8f21c20 web commit by http://sabr.myopenid.com/ 2008-04-08 14:33:13 -04:00
Joey Hess 16338ed771 web commit by http://sabr.myopenid.com/ 2008-04-08 13:18:35 -04:00
Joey Hess 7c7dba8a71 Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info 2008-04-08 12:52:48 -04:00
Joey Hess 3d8e767c36 web commit by http://xayk.net/
(cherry picked from commit 146b3d9ac2754112e7c6c63f7c2e783ac2bf4dbe)
2008-04-08 12:51:46 -04:00
Joey Hess c381ec666b web commit by http://sabr.myopenid.com/
(cherry picked from commit 8e4a0640c591df95810fe94ab62521030134823b)
2008-04-08 12:50:55 -04:00
Joey Hess af3367eb4e web commit by cjb: Trivial syntax bug. 2008-04-08 09:49:37 -04:00
Joey Hess 1b4493802f web commit by http://cstork.org/: poll vote (Accept only OpenID for logins) 2008-04-04 06:49:43 -04:00
Joey Hess 93d833da83 web commit by http://inthemedium.myopenid.com/: poll vote (Accept only OpenID for logins) 2008-04-02 22:52:46 -04:00
Joey Hess abb432ff4c many thanks to madduck for his donation 2008-04-02 15:04:58 -04:00
Joey Hess 614d97063c web commit by http://montyz.livejournal.com/: more make woes 2008-04-02 13:51:12 -04:00
Joey Hess c74b2e4b83 web commit by http://alcopop.org/me/openid/: formatting, tagging 2008-04-02 08:44:23 -04:00
Joey Hess c177d5c47e web commit by http://alcopop.org/me/openid/: minor documentation adjustment 2008-04-02 08:40:59 -04:00
Joey Hess f8abf8d190 web commit by http://claimid.com/bug 2008-04-01 22:44:17 -04:00
Joey Hess c9229bdeb6 web commit by http://jblevins.org/: A plain SVG version of the ikiwiki favicon 2008-04-01 19:14:09 -04:00
Joey Hess 2427bd01d6 web commit by http://jblevins.org/: My user page 2008-04-01 19:07:00 -04:00
Joey Hess 0d2076f85d web commit by http://jblevins.org/: Re: A make problem 2008-04-01 18:35:02 -04:00
Joey Hess b8e822f49f response 2008-04-01 17:10:26 -04:00
Joey Hess ce73bf59c5 web commit by http://montyz.livejournal.com/: A make problem 2008-04-01 13:04:14 -04:00
Joey Hess d9c08fcb15 add news item for ikiwiki 2.41 2008-03-29 21:17:27 -04:00
Joey Hess f6bd81db15 Added a hardlink option in the setup file, useful if the source and dest are on the same filesystem and the wiki includes large media files, which would normally be copied, wasting time and space. 2008-03-29 21:02:47 -04:00
Joey Hess b95a86c069 wiki gnomes at work 2008-03-28 14:35:49 -04:00
Joey Hess 5c076a66d3 web commit by http://subvert.org.uk/~bma/: Add stylesheet. 2008-03-28 13:20:19 -04:00
Joey Hess f6ed73013f web commit by http://subvert.org.uk/~bma/: Link to new stylesheet. 2008-03-28 13:19:29 -04:00
Joey Hess 02f3343ce8 web commit by http://subvert.org.uk/~bma/: Update my URLs. 2008-03-28 13:07:23 -04:00
Joey Hess 16f3982344 web commit by http://certifi.ca/bronson 2008-03-28 00:57:49 -04:00
Joey Hess 23bdb631cb web commit by http://weakish.int.eu.org/: invalid link 2008-03-27 10:06:59 -04:00
Joey Hess 00e60d675c web commit from 78.106.64.225: poll vote (Accept only password logins) 2008-03-27 08:31:31 -04:00
Josh Triplett cdfbc6385d Remove explanation of ohloh shortcut; it seems obvious enough. 2008-03-26 18:16:58 -07:00
Josh Triplett 07ef42afee Add shortcut for ohloh projects. 2008-03-26 18:06:25 -07:00
Joey Hess 76a4a982b8 web commit by buo: Thanks 2008-03-25 16:12:34 -04:00
Joey Hess 48bf7dc458 web commit by buo: locales and mercurial 2008-03-25 16:11:34 -04:00
Joey Hess a2c88e0690 web commit by http://willu.myopenid.com/: Add note about rel="nofollow" as an anti-spam suggestion 2008-03-24 23:23:52 -04:00
Joey Hess c88ae3768e web commit by http://jblevins.org/: htmlscrubber patch to sanitize SVG and MathML 2008-03-24 15:47:13 -04:00
Joey Hess 6f5903b54d web commit by http://mjgoins.myopenid.com/ 2008-03-24 00:19:49 -04:00
Joey Hess 845e7fbd8e web commit by http://mjgoins.myopenid.com/ 2008-03-24 00:18:47 -04:00
Joey Hess afab05a505 web commit by http://jblevins.org/: Thoughts about notation for citations 2008-03-23 22:08:02 -04:00
Joey Hess 5ed5babef4 web commit by http://madduck.net/: add note about whole site rebuilds for little changes 2008-03-22 12:02:39 -04:00
Joey Hess bee7d5d590 web commit by http://jblevins.org/: Notes about access keys from the main discussion page 2008-03-22 10:48:45 -04:00
Joey Hess 24599d2853 web commit by http://madduck.net/: put thoughts into the wishlist item 2008-03-21 19:45:38 -04:00
Joey Hess e8ff29fa33 web commit by http://jblevins.org/: Ideas about keyboard shortcuts 2008-03-21 18:14:06 -04:00
Joey Hess 6d5bce3935 web commit by http://madduck.net/ 2008-03-21 16:21:18 -04:00
Joey Hess 9cc6d6e4b8 on css suckitude 2008-03-21 15:41:41 -04:00
Joey Hess ca8852b434 external: Work around XML RPC's lack of support for null by passing a special sentinel value. 2008-03-21 15:12:15 -04:00
Joey Hess 99fce0af0d Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info 2008-03-21 14:53:41 -04:00
Joey Hess 5e52e05fd2 web commit by http://jblevins.org/: Case-sensitivity of HTML::Scrubber 2008-03-21 13:58:25 -04:00
Joey Hess f9aa09e2f6 moved to a tip 2008-03-21 13:56:31 -04:00
Joey Hess fbe5e9b144 add a tip about dealing with ikiwiki's binary state files 2008-03-21 13:52:50 -04:00
Joey Hess 6ba56392ce web commit by http://jblevins.org/: Fix links and sign 2008-03-21 11:40:33 -04:00
Joey Hess 7eebd3709b web commit by http://jblevins.org/: Request for comments about SVG and MathML whitelists 2008-03-21 11:19:00 -04:00
Joey Hess 3479809f96 add transition code for indexdb 2008-03-21 09:37:52 -04:00
Joey Hess 44824dba1b smiley: Detect smileys inside pre and tags, and do not expand. 2008-03-21 02:43:20 -04:00
Joey Hess 628467125c Close meta tag for redir properly. 2008-03-21 00:24:06 -04:00
Joey Hess 80b402286c web commit by http://jblevins.org/: Oops 2008-03-20 23:06:41 -04:00
Joey Hess daf120c1c7 web commit by http://jblevins.org/: MathML+SVG whitelist 2008-03-20 22:53:26 -04:00
Joey Hess f1fb8eac6a web commit by http://brian.may.myopenid.com/: change.tmpl and BASEURL 2008-03-20 22:51:09 -04:00
Joey Hess da7aad08e3 web commit by http://jblevins.org/: A note about the toc plugin and headers in templates 2008-03-20 17:02:59 -04:00
Joey Hess 8e2f7ec70f web commit by http://jblevins.org/: Bug report update 2008-03-20 16:26:51 -04:00
Joey Hess d4554dd010 web commit by http://bremner.myopenid.com/ 2008-03-20 06:08:33 -04:00
Joey Hess 316bca78c9 moved to a different server 2008-03-19 23:07:13 -04:00
Joey Hess b86c40e220 Merge branch 'master' of ssh://git.kitenet.net/srv/git/ikiwiki.info 2008-03-19 23:00:21 -04:00
Joey Hess 8471c51355 web commit by http://joey.kitenet.net/ 2008-03-19 22:51:05 -04:00