Commit Graph

2051 Commits (fe0cdbef6c51d70e369ff1911e47a6fc883ca9eb)

Author SHA1 Message Date
Joey Hess f2529edcab Fix typo in Danish translation of shortcuts page that caused expoentional regexp blowup.
Complex regular subexpression recursion limit (32766) exceeded at
/home/joey/src/ikiwiki/IkiWiki.pm line 1532.

This doesn't fix the blowup potential itself, it just fixes the typo. :)

A sample page that causes the blowup is attached below for future
reference. The first directive is not terminated. Contributing are the
additional quotes around the following directives, which mean that they can
each be processed as a parameter to the first directive, or as an
individual directive. In resolving this ambiguity, the regexp blows up.
Happily, perl contains the explosion , so I don't think there is an exploit
here.

"[[!shortcut name=wiktionary url=\"https://secure.wikimedia.org/wiktionary/en/"
"[[!shortcut name=debss url=\"http://snapshot.debian.net/package/%s\"]]"
"[[!shortcut name=debwiki url=\"http://wiki.debian.org/%s\"]]"
"[[!shortcut name=fdobug url=\"https://bugs.freedesktop.org/show_bug.cgi?id=%s\" desc=\"freedesktop.org bug #%s\"]]"
"[[!shortcut name=fdolist url=\"http://lists.freedesktop.org/mailman/listinfo/%s\" desc=\"%s@lists.freedesktop.org\"]]"
"[[!shortcut name=cpanrt url=\"https://rt.cpan.org/Ticket/Display.html?id=%s\" desc=\"CPAN RT#%s\"]]"
"[[!shortcut name=novellbug url=\"https://bugzilla.novell.com/show_bug.cgi?id=%s\" desc=\"bug %s\"]]"
"[[!shortcut name=fdolist url=\"http://lists.freedesktop.org/mailman/listinfo/%s\" desc=\"%s@lists.freedesktop.org\"]]"
"[[!shortcut name=gnomebug url=\"http://bugzilla.gnome.org/show_bug.cgi?id=%s\" desc=\"GNOME bug #%s\"]]"
"[[!shortcut name=linuxbug url=\"http://bugzilla.kernel.org/show_bug.cgi?id=%s\" desc=\"Linux bug #%s\"]]"
"[[!shortcut name=gmane url=\"http://dir.gmane.org/gmane.%s\" desc=\"gmane.%s\"]]"
"[[!shortcut name=gmanemsg url=\"http://mid.gmane.org/%s\"]]"
"[[!shortcut name=cpan url=\"http://search.cpan.org/search?mode=dist&query=%s\"]]"
"[[!shortcut name=ctan url=\"http://tug.ctan.org/cgi-bin/ctanPackageInformation.py?id=%s\"]]"
"[[!shortcut name=hoogle url=\"http://haskell.org/hoogle/?q=%s\"]]"
"[[!shortcut name=iki url=\"http://ikiwiki.info/%S/\"]]"
"[[!shortcut name=ljuser url=\"http://%s.livejournal.com/\"]]"
"[[!shortcut name=rfc url=\"http://www.ietf.org/rfc/rfc%s.txt\" desc=\"RFC %s\"]]"
"[[!shortcut name=c2 url=\"http://c2.com/cgi/wiki?%s\"]]"
"[[!shortcut name=meatballwiki url=\"http://www.usemod.com/cgi-bin/mb.pl?%s\"]]"
"[[!shortcut name=emacswiki url=\"http://www.emacswiki.org/cgi-bin/wiki/%s\"]]"
"[[!shortcut name=haskellwiki url=\"http://haskell.org/haskellwiki/%s\"]]"
"[[!shortcut name=dict url=\"http://www.dict.org/bin/Dict?Form=Dict1&Strategy=*&Database=*&Query=%s\"]]"
"[[!shortcut name=imdb url=\"http://imdb.com/find?q=%s\"]]"
"[[!shortcut name=gpg url=\"http://pgpkeys.mit.edu:11371/pks/lookup?op=vindex&exact=on&search=0x%s\"]]"
"[[!shortcut name=perldoc url=\"http://perldoc.perl.org/search.html?q=%s\"]]"
"[[!shortcut name=whois url=\"http://reports.internic.net/cgi/whois?whois_nic=%s&type=domain\"]]"
"[[!shortcut name=cve url=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=%s\"]]"
"[[!shortcut name=cia url=\"http://cia.vc/stats/project/%s\"]]"
"[[!shortcut name=ciauser url=\"http://cia.vc/stats/user/%s\"]]"
"[[!shortcut name=flickr url=\"http://www.flickr.com/photos/%s\"]]"
"[[!shortcut name=man url=\"http://linux.die.net/man/%s\"]]"
"[[!shortcut name=ohloh url=\"http://www.ohloh.net/projects/%s\"]]"
"[[!shortcut name=cpanrt url=\"https://rt.cpan.org/Ticket/Display.html?id=%s\" desc=\"CPAN RT#%s\"]]"
"[[!shortcut name=novellbug url=\"https://bugzilla.novell.com/show_bug.cgi?id=%s\" desc=\"bug %s\"]]"
2011-07-26 17:29:36 +02:00
Joey Hess ca435801d9 po: Add `LANG_CODE` and `LANG_NAME` template variables. (intrigeri) 2011-07-19 14:12:45 -04:00
Joey Hess e04cb1ffd3 mercurial: Implement rcs_diff. (Daniel Andersson) 2011-07-19 11:44:26 -04:00
Joey Hess 339b95e719 rcs_rename and rcs_remove also were in the big mercurial patch 2011-07-19 11:41:11 -04:00
Joey Hess b4db945b34 mercurial: Make both rcs_getctime and rcs_getmtime fast. (Daniel Andersson) 2011-07-19 11:39:32 -04:00
Joey Hess 86e1dc492f apply the big mercurial patch
* mercurial: openid nicknames are now used when committing. (Daniel Andersson)
* mercurial: implement rcs_commit_staged so comments, attachments, etc
  can be used. (Daniel Andersson)
* mercurial: fix viewing of a diff containing non-utf8 changes.
  (Daniel Andersson)
2011-07-19 11:26:14 -04:00
Joey Hess 98d2356ad0 releasing version 3.20110715 2011-07-15 18:57:24 -04:00
Joey Hess 4cd2efef8c fix two recently introduced bugs in rename
* rename: Fix logic error that broke renaming pages when the attachment
  plugin was disabled.
* rename: Fix logic error that bypassed the usual pagespec checks.
2011-07-15 18:46:16 -04:00
Joey Hess 70ce708b02 releasing version 3.20110712 2011-07-12 12:40:30 -04:00
Joey Hess 20577d8ecb Display attachment manipulation links always, since attachments can be uploaded via javascript.
Could arrange for them to be in a span that is hidden when there are no
attachments and make the javascript upload unhide it; this is a quick fix.
2011-07-11 21:38:48 -04:00
Joey Hess d23786cb6c attachment: Bugfix to create directory when moving attachment out of holding area. 2011-07-11 21:35:46 -04:00
Joey Hess 4ce2490e01 releasing version 3.20110711 2011-07-11 18:41:30 -04:00
Joey Hess 258b75c4f7 attachment: Bugfix to move upload attachments out of holding area when saving. 2011-07-11 18:34:17 -04:00
Joey Hess 45a058a2c7 Add build dep on python-support. Closes: #633536 2011-07-11 13:07:28 -04:00
Joey Hess a40b58c514 releasing version 3.20110707 2011-07-07 20:48:48 -04:00
Joey Hess 9f7d9ab356 Bugfix for trying to attach files to a subpage of the index page. 2011-07-07 20:32:14 -04:00
Joey Hess a965e02430 Bugfix for wikilink containing an email address not showing up in brokenlinks list. 2011-06-29 18:35:29 -04:00
Joey Hess a18a62aa30 inline: Handle obfuscated urls, such as the mailto urls generated by markdown when forcing urls absolute.
That took me 5 minutes. If anyone thinks obfuscated email urls stops, or
even slows down spammers, think again.
2011-06-29 18:12:58 -04:00
Joey Hess add72de71a merged smcv/comments-metadata 2011-06-29 17:57:53 -04:00
Joey Hess 9d7c1d5f7d Fix ikiwiki-update-wikilist -r to actually work. 2011-06-29 17:38:26 -04:00
Joey Hess 25b01f9404 Preserve mixed case in page creation links, and when creating a page whose title is mixed case, allow selecting between the mixed case and all lower-case names. 2011-06-29 16:38:32 -04:00
Joey Hess ae1857b43c img: Generate png format thumbnails for svg images.
Imagemagick does not generate svg images very well, but it can convert
them to png quite well.

For browsers that don't yet support displaying svg, this also provides a
workaround; just scale the svg down to get a png. But the workaround is
partial, since scaling the image larger, or leaving it the same size will
cause the original svg to be displayed. Since browsers are actively
improving svg support, this is good enough for me.
2011-06-29 14:40:30 -04:00
Joey Hess c90bc78d44 Support svg as a inlinable image type
svg images can be included on a page by simply linking to them, or by using
the img directive. Note that sanitizing svg files is still not addressed.
2011-06-29 14:17:47 -04:00
Joey Hess 46064d6d63 html5 is not experimental anymore. But not the default either, quite yet. 2011-06-23 09:41:21 -04:00
Joey Hess 886890b82d move headinganchors out of contrib 2011-06-21 15:22:35 -04:00
Joey Hess d82fa99426 add JSON dep 2011-06-16 14:34:44 -04:00
Joey Hess d96edbbe68 Add libtext-multimarkdown-perl to Suggests. Closes: #630705 2011-06-16 13:13:08 -04:00
Joey Hess 6ebb4e262e show ikiwiki error when attachment is rejected 2011-06-16 13:01:23 -04:00
Joey Hess d4a0732752 let thru HTTP_ACCEPT
Needed for attachment to return json when requested.

I think some browsers send Accept: * , so I made sure to check that json
was explicitly listed as to be accepted, as well as having a high
priority.
2011-06-15 20:02:14 -04:00
Joey Hess c9781b20bf added jquery templates 2011-06-15 19:33:22 -04:00
Joey Hess f3fd7696cf added jquery-ui for attachment interface 2011-06-15 19:30:34 -04:00
Joey Hess a695b5b2f8 updated jquery and made it its own underlay 2011-06-15 19:15:06 -04:00
Joey Hess 3a939f05c5 update copyright 2011-06-15 18:56:36 -04:00
Joey Hess 8e15f664c4 aggregate: Improve checking for too long aggregated filenames.
Two problems fixed:

1. Files are written with a .ikiwiki-new suffix, which has to be taken into
   account.
2. Need to count length of bytes, not of unicode characters.
2011-06-10 18:47:57 -04:00
Joey Hess cf707d1654 userlist: New plugin, lets admins see a list of users and their info. 2011-06-09 10:10:27 -04:00
Joey Hess 4fdeda0e34 ikiwiki-mass-rebuild: Fix tty hijacking vulnerability by using su. (Once su's related bug #628843 is fixed.) Thanks, Ludwig Nussel. (CVE-2011-1408) 2011-06-08 17:42:07 -04:00
Joey Hess d7c4001748 search: Update search page when page.tmpl or searchquery.tmpl are locally modified. 2011-06-03 20:31:20 -04:00
Joey Hess 0423cac6de let's assume some web server will think OFF is a good idea.. 2011-06-03 14:41:13 -04:00
Joey Hess 254080bc85 Support the Hiawatha web server which sets HTTPS=off rather than not setting it. (There does not seem to be a standard here.) 2011-06-03 14:36:31 -04:00
Joey Hess 3b8fc54717 merged po4a robustness workaround 2011-06-03 12:39:09 -04:00
Joey Hess 50bc05e7fb changelog 2011-06-03 12:32:42 -04:00
Joey Hess 30c3ceeaa2 Changed license of madduck's python plugins from GPL-2 to BSD-2-clause.
Apparently the rst library is changing to a GPL-2 incompatable license.

"madduck: joeyh: so yes, do as you think is right."
2011-05-19 14:37:16 -04:00
Joey Hess b4dd83642a merged quoting changes 2011-05-13 11:24:16 -04:00
Joey Hess 97a8d30dc1 Support YAML::XS by not passing decoded unicode to Load. Closes: #625713 2011-05-12 17:50:25 -04:00
Joey Hess b2754fa272 openid: also use Net::INET6Glue if available 2011-05-09 18:15:35 -04:00
Joey Hess 825f81340a aggregate, pinger: Use Net::INET6Glue if available to support making ipv6 connections.
Making outgoing ipv6 connections for openid auth is still broken; the glue
module does not seem to solve that, so I did not make openid use it.
2011-05-09 14:00:48 -04:00
Joey Hess fc79f2252e Add conflict with libyaml-libyaml-perl, since that library does not support utf8. Closes: #625713 (see https://rt.cpan.org/Public/Bug/Display.html?id=54683) 2011-05-06 14:38:27 -04:00
Joey Hess adabab4cc6 changelog 2011-05-06 14:32:55 -04:00
Joey Hess 4a27adfa72 Danish translation update. Closes: #625721 2011-05-05 13:02:31 -04:00
Joey Hess e02b903054 releasing version 3.20110430 2011-04-30 17:27:18 -04:00