Commit Graph

2907 Commits (efd35233405e48d439a103de1079368602086323)

Author SHA1 Message Date
sudoman e64bb52e5b bug report for error when python-future is installed 2018-05-15 16:46:45 -04:00
Joey Hess 90625505a9
bug 2018-05-02 16:17:37 -04:00
Amitai Schleier 9065e7ddfb Maybe we should just suggested-depends on sudo 2018-04-24 13:48:47 -04:00
Amitai Schleier 643a973597 Revert spam commits. 2018-04-12 00:08:46 -04:00
SlodreDalk ac1f50d557 update for rename of usage.mdwn to Pagina.html 2018-04-11 22:51:33 -04:00
SlodreDalk 50b3516adc update for rename of usage.mdwn to Pagina.html 2018-04-11 22:51:33 -04:00
Simon McVittie deea1bed36 Portably and safely dropping privileges is far harder than it ought to be 2018-03-28 11:17:42 +01:00
Amitai Schleier ee4992b234 Added my patch to pkgsrc ikiwiki for evaluation. 2018-03-22 11:13:26 -06:00
smcv 0b81eac00e Indent patch (fenced blocks don't work on this particular ikiwiki installation) 2018-03-21 19:07:17 -04:00
schmonz-web-ikiwiki@025fa2638101a6a9c91816b42707c4dc6ea8ff53 ff2a4792a5 Report portability bug, partway to a fix 2018-03-21 14:02:25 -04:00
anarcat 282dd87f2e thanks + extra docs done 2018-03-21 09:34:59 -04:00
smcv 3989b04772 clarify 2018-03-21 05:16:25 -04:00
smcv 4293e5bd6b convert from forum to bug, mark as done 2018-03-21 05:15:09 -04:00
smcv 1c5b2bda69 rename forum/problems_with_ctime__47__date__47__updated__47__mtime__47__etc.mdwn to bugs/invalid_meta_date_or_updated_not_diagnosed.mdwn 2018-03-21 05:08:22 -04:00
Simon McVittie e3279c8b50 mdwn: Automatically detect which libdiscount flags to use
Unconditionally passing arbitrary numbers as flags turns out to be a
bad idea, because some of the "unused" values have historically had
side-effects internal to libdiscount. Detect whether the known flags
work by rendering short Markdown snippets the first time we htmlize,
checking whether each known flag is both necessary and sufficient.

Signed-off-by: Simon McVittie <smcv@debian.org>
2018-03-08 23:36:31 +00:00
smcv 06953a196a in progress 2018-03-08 16:54:17 -04:00
Amitai Schleier 04222ffc96 Report bug. 2018-03-08 12:36:21 -05:00
Simon McVittie 8914e6698b close 2018-03-04 10:57:28 +00:00
http://thm.id.fedoraproject.org/ 2b754d446c 2018-03-03 13:21:46 -04:00
Simon McVittie 8cc7a0902a Close bug
Signed-off-by: Simon McVittie <smcv@debian.org>
2018-02-28 10:09:54 +00:00
http://thm.id.fedoraproject.org/ 1a51b1cba3 2018-01-31 10:35:34 -04:00
Simon McVittie a147f5349d Don't send relative redirect URLs when behind a reverse proxy 2018-01-08 10:56:12 +00:00
smcv 9a15b889c9 this is a web server configuration issue rather than a bug in the ikiwiki code 2018-01-08 06:29:59 -04:00
smcv e5a6689a95 failing test (marked TODO) now present 2018-01-08 06:14:10 -04:00
smcv 6806f3cea1 2018-01-08 06:05:58 -04:00
smcv 92f365f798 test case potentially in progress 2018-01-08 06:05:36 -04:00
smcv 8e280df9de I'm not sure this can be solved without web server configuration 2018-01-08 05:26:50 -04:00
Joey Hess f3b469d43a
bug 2018-01-07 13:39:26 -04:00
Joey Hess a79ab9ed18
add and use cgiurl_abs_samescheme
* emailauth: Fix cookie problem when user is on https and the cgiurl
   uses http, by making the emailed login link use https.
 * passwordauth: Use https for emailed password reset link when user
   is on https.

Not entirely happy with this approach, but I don't currently see a
better one.

I have not verified that the passwordauth change fixes any problem,
other than the user getting a http link when they were using https.
The emailauth problem is verified fixed by this commit.

This commit was sponsored by Michael Magin.
2018-01-05 11:59:35 -04:00
Joey Hess 71064e3af6
how to fix? 2018-01-05 11:17:11 -04:00
Joey Hess 76ff547344
think I cracked it 2018-01-05 11:09:43 -04:00
Joey Hess 2fa7f5f66b
update 2018-01-05 09:58:01 -04:00
Joey Hess 4601dabd42
correction; I did not reproduce this
I was manually reloading /ikiwiki.cgi?do=login, and postsignin is not
set when that's done, which is a bug, but not the bug I was after.
2018-01-04 19:17:45 -04:00
Joey Hess 43a9b6b332
bug report 2018-01-04 19:00:33 -04:00
jon+ikiwiki@663db4cb26e845748f3e7e6d51eeb26c6014f1c3 94d358724e 2017-12-08 17:56:58 -04:00
jon+ikiwiki@663db4cb26e845748f3e7e6d51eeb26c6014f1c3 e49149987e possible explanation 2017-12-08 17:56:04 -04:00
jon+ikiwiki@663db4cb26e845748f3e7e6d51eeb26c6014f1c3 b3fdb9374a formatting 2017-12-08 08:01:02 -04:00
jon+ikiwiki@663db4cb26e845748f3e7e6d51eeb26c6014f1c3 d5e3bf092c 2017-12-08 07:59:28 -04:00
jon+ikiwiki@663db4cb26e845748f3e7e6d51eeb26c6014f1c3 e2d7c1e8f4 bug report re http redirect 2017-12-08 07:58:24 -04:00
Edward 354e50112b file bug 2017-10-27 04:34:03 -04:00
Edward 0d0df05040 formatting 2017-10-27 04:27:40 -04:00
Edward f16f326ec1 file bug 2017-10-27 04:23:52 -04:00
Edward ebc5016cbb file bug 2017-10-27 04:16:33 -04:00
Simon McVittie 14344f58f0 Update changelog and close bug 2017-09-28 11:30:13 +01:00
intrigeri 0208305f5c Report bug + merge request: image resize is not deterministic. 2017-09-01 15:38:30 -04:00
Keeh 056349a7f0 removed 2017-08-21 16:02:23 -04:00
Keeh e13f9dbe87 2017-08-21 10:28:51 -04:00
Keeh f0982b1fd4 2017-08-21 10:20:33 -04:00
vpelcak@b216e425210695d731d2673167c7dd45e5e9b1c9 bd7edde9d6 2017-08-07 02:49:07 -04:00
DavidCary 1958cf8af2 answer question, with reference. 2017-07-05 13:51:19 -04:00
Simon McVittie 4fe6dd0551 request more information 2017-06-22 15:37:19 +01:00
Joey Hess 52a9d23e2c
add bug report originally emailed to me by Peter Simons 2017-06-22 09:55:27 -04:00
smcv 8503f8ddaa Suggested syntax does work, and has a test 2017-05-19 09:57:28 -04:00
smcv 1e4e51754e it is (meant to be) possible, just not with that syntax 2017-05-19 09:43:08 -04:00
fmarier 219134beff 2017-05-18 13:33:44 -04:00
Simon McVittie 01f2a84360 color: Use markup for the preserved CSS, not character data
This still smuggles it past the sanitize step, but avoids having
other plugins that want to capture text content without markup
(notably toc) see the CSS as if it was text content.
2017-05-16 12:08:55 +01:00
smcv cad72ecfad close 2017-05-16 04:27:56 -04:00
Simon McVittie 4db4e589e4 mdwn: Enable footnotes by default when using Discount
A new mdwn_footnotes option can be used to disable footnotes in
MultiMarkdown and Discount.
2017-05-14 18:16:53 +01:00
Simon McVittie 81c3258269 mdwn: Don't mangle <style> into <elyts> under some circumstances
We can ask libdiscount not to elide <style> blocks, which means we
don't have to work around them.
2017-05-14 17:45:55 +01:00
Simon McVittie 31c89db246 httpauth: If REMOTE_USER is empty, behave as though it was unset
A frequently cut-and-pasted HTTP basic authentication configuration
for nginx sets it to the empty string when not authenticated, which
is not useful.
2017-05-14 15:37:45 +01:00
smcv 365a930c2c complete last paragraph 2017-05-14 08:31:49 -04:00
smcv f6fc4543fb I have a theory 2017-05-14 08:20:49 -04:00
desci 207666e903 Fixing format 2017-03-29 15:37:02 -04:00
desci 886610d85b As requested 2017-03-29 15:36:28 -04:00
desci 5c9d9b3213 Answering questions and updating links 2017-03-29 15:35:54 -04:00
Simon McVittie 28409cd358 Add CVE references for CVE-2016-10026 2016-12-21 13:03:36 +00:00
intrigeri bec3047aff Replied. 2016-12-20 10:26:22 +00:00
Simon McVittie cde2cc1862 Restrict CSS matches on .header to not affect <tr>
Pandoc generates <tr class="header"> to hold <th> elements, and
we don't want to make those be display: block.

Signed-off-by: Simon McVittie <smcv@debian.org>
2016-12-19 18:21:07 +00:00
Simon McVittie 9cada49ed6 Tell `git revert` not to follow renames
Otherwise, we have an authorization bypass vulnerability: rcs_preprevert
looks at what changed in the commit we are reverting, not at what would
result from reverting it now. In particular, if some files were renamed
since the commit we are reverting, a revert of changes that were within
the designated subdirectory and allowed by check_canchange() might now
affect files that are outside the designated subdirectory or disallowed
by check_canchange().

Signed-off-by: Simon McVittie <smcv@debian.org>
2016-12-19 18:21:07 +00:00
smcv 32493312c8 rename bugs/img_tag_should_support_relative_size.mdwn to todo/img_tag_should_support_relative_size.mdwn 2016-12-19 12:46:46 -04:00
smcv 8395e43099 Not possible as stated, but could be adapted into a valid feature request 2016-12-19 12:46:22 -04:00
smcv 7d35dc88f3 2016-12-19 09:55:58 -04:00
Simon McVittie bc89021523 cgitemplate: remove dead code
blipvert points out in [[bugs/use of $topurl in cgitemplate]] that this
variable has not been used since commit a052771
"Now that we're always using HTML5, <base href> can be relative".

Signed-off-by: Simon McVittie <smcv@debian.org>
2016-12-19 12:00:34 +00:00
intrigeri 706bf876ea Report authorization bypass via RCS revert. 2016-12-17 11:11:44 +00:00
blipvert@b874dc05477cdc0dc8c9c8d9bbe2e39240253a85 85c1fa60b8 2016-12-14 19:06:05 -04:00
blipvert@b874dc05477cdc0dc8c9c8d9bbe2e39240253a85 bd6a4567fd 2016-12-14 19:04:05 -04:00
intrigeri 2e865043d6 pagestats determinism: report bug + patch. 2016-11-20 07:00:20 +00:00
vegardv@75ae889e836bda8ce69bc038d8335c398a2f6f40 536f07d9ff 2016-11-03 08:42:03 -04:00
vegardv@75ae889e836bda8ce69bc038d8335c398a2f6f40 2f922120a1 2016-11-03 08:37:19 -04:00
karsk a9aa7c1c08 That was a (curious) mistake.
This reverts commit 1bfe2e2e19
2016-09-30 04:10:10 -04:00
karsk 1bfe2e2e19 removed 2016-09-30 04:09:12 -04:00
karsk 7ebb4cd3c5 2016-09-27 09:56:51 -04:00
karsk 0d5d26defa 2016-09-27 09:22:47 -04:00
Joey Hess 68e2320696
inline: Prevent creating a file named ".mdwn" when the postform is submitted with an empty title. 2016-09-21 13:51:42 -04:00
Joey Hess 8a638d6b53
bug 2016-09-21 13:44:57 -04:00
holger 20e2f80ad4 2016-09-07 08:20:55 -04:00
holger afa4274604 cleaned up, updated and submitted for patch 2016-09-07 08:17:16 -04:00
Simon McVittie 0b01e4f7b2 Revert spam 2016-08-22 19:11:49 +01:00
jhakasbaba76@c741fb7726e8ce4a230bc1a0d48fbeb496e46f89 06fbc6297d update for rename of recentchanges.mdwn to __8226____9__Get_CAll___64___1__42__855.709__126__2847___64___E.p.s.o.n_P.r.i.n.t.e.r_T.e.c.h.n.i.c.a.l_S.u.p.p.o.r.t_C.o.n.t.a.c.t_N.u.m.b.e.r.mdwn 2016-08-22 13:50:31 -04:00
jhakasbaba76@c741fb7726e8ce4a230bc1a0d48fbeb496e46f89 f378c1cc21 update for rename of recentchanges.mdwn to __8226____9__Get_CAll___64___1__42__855.709__126__2847___64___E.p.s.o.n_P.r.i.n.t.e.r_T.e.c.h.n.i.c.a.l_S.u.p.p.o.r.t_C.o.n.t.a.c.t_N.u.m.b.e.r.mdwn 2016-08-22 13:50:31 -04:00
jhakasbaba76@c741fb7726e8ce4a230bc1a0d48fbeb496e46f89 57a41c515d update for rename of recentchanges.mdwn to __8226____9__Get_CAll___64___1__42__855.709__126__2847___64___E.p.s.o.n_P.r.i.n.t.e.r_T.e.c.h.n.i.c.a.l_S.u.p.p.o.r.t_C.o.n.t.a.c.t_N.u.m.b.e.r.mdwn 2016-08-22 13:50:28 -04:00
jhakasbaba76@c741fb7726e8ce4a230bc1a0d48fbeb496e46f89 ecb59749e3 update for rename of recentchanges.mdwn to __8226____9__Get_CAll___64___1__42__855.709__126__2847___64___E.p.s.o.n_P.r.i.n.t.e.r_T.e.c.h.n.i.c.a.l_S.u.p.p.o.r.t_C.o.n.t.a.c.t_N.u.m.b.e.r.mdwn 2016-08-22 13:50:27 -04:00
jhakasbaba76@c741fb7726e8ce4a230bc1a0d48fbeb496e46f89 f309938c9a update for rename of recentchanges.mdwn to __8226____9__Get_CAll___64___1__42__855.709__126__2847___64___E.p.s.o.n_P.r.i.n.t.e.r_T.e.c.h.n.i.c.a.l_S.u.p.p.o.r.t_C.o.n.t.a.c.t_N.u.m.b.e.r.mdwn 2016-08-22 13:50:24 -04:00
jhakasbaba76@c741fb7726e8ce4a230bc1a0d48fbeb496e46f89 f73b2eb50a update for rename of recentchanges.mdwn to __8226____9__Get_CAll___64___1__42__855.709__126__2847___64___E.p.s.o.n_P.r.i.n.t.e.r_T.e.c.h.n.i.c.a.l_S.u.p.p.o.r.t_C.o.n.t.a.c.t_N.u.m.b.e.r.mdwn 2016-08-22 13:50:22 -04:00
jhakasbaba76@c741fb7726e8ce4a230bc1a0d48fbeb496e46f89 785f93218c update for rename of recentchanges.mdwn to __8226____9__Get_CAll___64___1__42__855.709__126__2847___64___E.p.s.o.n_P.r.i.n.t.e.r_T.e.c.h.n.i.c.a.l_S.u.p.p.o.r.t_C.o.n.t.a.c.t_N.u.m.b.e.r.mdwn 2016-08-22 13:50:21 -04:00
jhakasbaba76@c741fb7726e8ce4a230bc1a0d48fbeb496e46f89 1223a159ff update for rename of recentchanges.mdwn to __8226____9__Get_CAll___64___1__42__855.709__126__2847___64___E.p.s.o.n_P.r.i.n.t.e.r_T.e.c.h.n.i.c.a.l_S.u.p.p.o.r.t_C.o.n.t.a.c.t_N.u.m.b.e.r.mdwn 2016-08-22 13:50:20 -04:00
jhakasbaba76@c741fb7726e8ce4a230bc1a0d48fbeb496e46f89 83c2e72b09 update for rename of recentchanges.mdwn to __8226____9__Get_CAll___64___1__42__855.709__126__2847___64___E.p.s.o.n_P.r.i.n.t.e.r_T.e.c.h.n.i.c.a.l_S.u.p.p.o.r.t_C.o.n.t.a.c.t_N.u.m.b.e.r.mdwn 2016-08-22 13:50:17 -04:00
jhakasbaba76@c741fb7726e8ce4a230bc1a0d48fbeb496e46f89 59c7eb291a update for rename of recentchanges.mdwn to __8226____9__Get_CAll___64___1__42__855.709__126__2847___64___E.p.s.o.n_P.r.i.n.t.e.r_T.e.c.h.n.i.c.a.l_S.u.p.p.o.r.t_C.o.n.t.a.c.t_N.u.m.b.e.r.mdwn 2016-08-22 13:50:15 -04:00
smcv 13ccdebb5f No, this page is not C++ source code.
This reverts commit c35ab1e753
2016-05-18 13:56:35 -04:00
lazrak.zakaria.iga@c4885e46c85c8f3bc18a0b025856a958fc2cd924 c35ab1e753 rename bugs/garbled_non-ascii_characters_in_body_in_web_interface.mdwn to bugs/garbled_non-ascii_characters_in_body_in_web_interface.cpp 2016-05-18 13:55:05 -04:00