Commit Graph

189 Commits (eadff687abbec442423967d5cba3bcfb606dc1a9)

Author SHA1 Message Date
Simon McVittie a64dca8356 Escape HTML in Atom feed metadata rather than treating it as XHTML 2008-07-31 22:15:22 +01:00
Simon McVittie 9b901a3364 Escape HTML in RSS feeds, rather than relying on it being valid to stuff into a CDATA section 2008-07-31 22:13:21 +01:00
Simon McVittie 9bc2e316b2 Escape HTML in Atom feeds, rather than relying on it being well-formed XHTML with no named entity references 2008-07-31 22:12:56 +01:00
Joey Hess 054a98647f really rm ;-) 2008-07-29 16:56:25 -04:00
Joey Hess a02c3f46ea initial draft 2008-07-29 15:39:01 -04:00
Joey Hess 7befc6deb3 link fixup on rename working 2008-07-23 19:12:05 -04:00
Joey Hess 29f32d0ba3 add a list of broken links after the rename 2008-07-22 20:30:54 -04:00
Joey Hess 1c9a3cb82b add a rename summary 2008-07-22 20:17:03 -04:00
Joey Hess d76c10cba2 Split out error messages from editpage.tmpl into several separate templates. 2008-07-22 19:58:34 -04:00
Joey Hess 96c529826d skeleton rename plugin 2008-07-21 22:30:43 -04:00
Joey Hess a1df39ed4a simplified confirmation form
also, there's no titlepage conversion issues
2008-07-21 14:22:57 -04:00
Joey Hess 3da279ddd4 editpage: Don't show attachments link when attachments are disabled. 2008-07-21 12:15:55 -04:00
Gabriel McManus e3b0584a49 Use correct term prefixes when searching.
The Z term prefix is for stemming and shouldn't be used here.
X is for custom fields.
2008-07-19 13:23:02 -04:00
Simon McVittie 49fac7fbdb Oops, add missing </span> 2008-07-15 01:14:47 +01:00
Simon McVittie d1eba95cdc More CSS hooks for page.tmpl.
I notice madduck.net already has a similar change :-)
2008-07-15 00:56:19 +01:00
Simon McVittie 879d780603 Add more CSS hooks to inlinepage.tmpl
* Wrap everything before the content in <div class="inlineheader">
* Wrap the inlined content itself in <div class="inlinecontent">
* Wrap everything after the content in <div class="inlinefooter">
2008-07-13 15:13:20 +01:00
Simon McVittie fe242ad996 Add more stylesheet hooks to the page template
* Wrap header stuff, including actions, in <div class="pageheader">
  (there is already a class="header", which is a subset of this, so
  using id="header" would be confusing)
* Add class="pagefooter" to the existing <div id="footer">, for symmetry
2008-07-13 15:09:37 +01:00
Simon McVittie 415c8e0cb5 Rename [[!inline atomid="..."]] to [[!inline guid="..."]] to be consistent with [[!meta guid="..."]], which also outputs an Atom <id> 2008-07-12 17:12:37 +01:00
Simon McVittie 2bd8ada5a6 Accept [[!inline ... atomid="..."]] and use it to populate the feed's Atom <id>.
This is often the same as the feed's <link> (in which case it can be omitted) but sometimes it's a urn:uuid: URN instead.
2008-07-12 17:09:41 +01:00
Simon McVittie 50ec532bba Add MIME type to Atom feeds' <link rel='self'> 2008-07-12 17:09:35 +01:00
Joey Hess ca30d95a78 rename uuid to guid 2008-07-12 10:59:45 -04:00
Simon McVittie fc917fa383 rssitem.tmpl: use UUID as <guid> if supplied 2008-07-11 23:47:00 +01:00
Simon McVittie 9f479a83a7 atomitem.tmpl: use UUID as <id> if supplied 2008-07-11 23:46:48 +01:00
Joey Hess badfb9a5c9 add br at top
firefox 3 smooshed the page location dropdown up to the page title,
obscuring descenders and underscores. Maybe that's a bug, since the CSS
didn't ask it to, but I think adding the extra space of a br at the top
looks better anyway.
2008-07-06 14:54:38 -04:00
Joey Hess edfbd7e1aa toggle: Add javascript to top of page, not to end. This avoids flicker since closed toggles will not be displayed as the page is loading. 2008-07-02 16:14:18 -04:00
Joey Hess 1289beb53b xhtml fixes 2008-07-02 16:08:48 -04:00
Joey Hess d593533af5 attachments interface visibility toggling 2008-07-02 15:42:32 -04:00
Joey Hess c1e9e121b7 basic attachment list 2008-07-01 17:19:38 -04:00
Joey Hess 6643db0cd2 add support for an attachment upload field
FormBuilder makes it annoyingly hard to move a submit button to a
nonstandard place. The button name has to be "_submit" or FormBuilder will
ignore it.
2008-06-30 21:29:37 -04:00
Joey Hess 50542d15ef Add support for the universal edit button
<http://universaleditbutton.org/>

Not forcing a rebuild on upgrade just for this.
2008-06-21 16:56:47 -04:00
Joey Hess 3215b5a982 finishing touches on the new search plugin
- Add a Help link.
- If the pageterm is too long, hash it.
2008-06-04 15:24:28 -04:00
Joey Hess e4119f048c The search interface now allows searching for a page by title ("title:foo"), as well as for pages that contain a given link ("link:bar"). 2008-06-04 14:13:21 -04:00
Joey Hess 18b0aa1f13 prettify page names, and drop the redunadant url display 2008-06-03 22:11:33 -04:00
Joey Hess 8a6a5320ed search: Converted to use xapian-omega.
Everything is done except for the actual indexing. I plan to do incremental
indexing as pages change.
2008-06-03 15:29:54 -04:00
Joey Hess 878bfe008c improve wording 2008-05-30 17:53:10 -04:00
Joey Hess e943812dc9 hashed password support, and empty password security fix
This implements the previously documented hashed password support.

While implementing that, I noticed a security hole, which this commit
also fixes..
2008-05-30 17:35:34 -04:00
Joey Hess 6725413516 Add rel=nofollow to edit links. This may prevent some spiders from pounding on the cgi following edit links. 2008-05-28 03:09:04 -04:00
Joey Hess 2718fc2b25 response 2008-04-10 19:54:38 -04:00
Joey Hess 2beb279806 Give the full path to the hyperestraier helpfile in estseek.conf. 2008-04-10 17:50:43 -04:00
Joey Hess 72b5ef2c5f Fix CSRF attacks against the preferences and edit forms. Closes: #475445
The fix involved embedding the session id in the forms, and not allowing the
forms to be submitted if the embedded id does not match the session id.

In the case of the preferences form, if the session id is not embedded,
then the CGI parameters are cleared. This avoids a secondary attack where the
link to the preferences form prefills password or other fields, and
the user hits "submit" without noticing these prefilled values.

In the case of the editpage form, the anonok plugin can allow anyone to edit,
and so I chose not to guard against CSRF attacks against users who are not
logged in. Otherwise, it also embeds the session id and checks it.

For page editing, I assume that the user will notice if content or commit
message is changed because of CGI parameters, and won't blndly hit save page.
So I didn't block those CGI paramters. (It's even possible to use those CGI
parameters, for good, not for evil, I guess..)

The only other CSRF attack I can think of in ikiwiki involves the poll plugin.
It's certianly possible to set up a link that causes the user to unknowingly
vote in a poll. However, the poll plugin is not intended to be used for things
that people would want to attack, since anyone can after all edit the poll page
and fill in any values they like. So this "attack" is ignorable.
2008-04-10 16:35:30 -04:00
Joey Hess d93aaed791 * Add recentchangesdiff plugin that adds diffs to the recentchanges feeds.
* rcs_diff is a new function that rcs modules should implement.
* Implemented rcs_diff for git, svn, and tla (tla version untested).
  Mercurial and monotone still todo.
2008-03-03 15:53:34 -05:00
Joey Hess 8be2b60aac * The search plugin needs to override <base> to point to the directory
containing ikiwiki.cgi, but this should not change the urls to the style
  sheets etc. Add a new forcebareurl parameter to misctemplate to allow
  it to do that.
2008-02-14 15:20:49 -05:00
Josh Triplett 122f6df325 Merge branch 'master' into prefix-directives
Conflicts:

	debian/changelog
	templates/change.tmpl
2008-02-09 23:02:52 -08:00
Joey Hess f1fcb5be9c * Page templates can now use CTIME to show when the page was created. 2008-02-09 23:05:48 -05:00
Joey Hess a72a620134 change wording 2008-02-09 22:59:50 -05:00
Joey Hess 18d16309ce reword to put the more important info (page names) nearer the front 2008-02-09 22:59:01 -05:00
Joey Hess f3efacb16d add ! prefix to some directives in templates, and to the recentchanges page 2008-02-05 16:18:29 -05:00
Joey Hess 7da5b9948e more whitespace nonsense 2008-01-29 18:27:41 -05:00
Joey Hess e40a9b0511 more HTML::Template fun
fix whitespace that led to bad wrapping and display
2008-01-29 18:25:13 -05:00
Joey Hess 3d29c5e3f8 fix display of diff icon 2008-01-29 18:06:03 -05:00