diff options
| -rw-r--r-- | doc/examples/blog/posts/first_post.mdwn | 2 | ||||
| -rw-r--r-- | doc/forum/Apache_XBitHack.mdwn | 6 | ||||
| -rw-r--r-- | doc/ikiwikiusers.mdwn | 2 | ||||
| -rw-r--r-- | doc/plugins/contrib/justlogin.mdwn | 2 | ||||
| -rw-r--r-- | doc/security.mdwn | 4 | ||||
| -rw-r--r-- | doc/todo/pingback_support.mdwn | 2 |
6 files changed, 14 insertions, 4 deletions
diff --git a/doc/examples/blog/posts/first_post.mdwn b/doc/examples/blog/posts/first_post.mdwn index 343497d18..f76df2f17 100644 --- a/doc/examples/blog/posts/first_post.mdwn +++ b/doc/examples/blog/posts/first_post.mdwn @@ -1,2 +1,4 @@ This is the first post to this example blog. To add new posts, just add files to the posts/ subdirectory, or use the web form. + +And is this ever edited again ? Looking for blog software and learning perl... diff --git a/doc/forum/Apache_XBitHack.mdwn b/doc/forum/Apache_XBitHack.mdwn new file mode 100644 index 000000000..9cadc73e1 --- /dev/null +++ b/doc/forum/Apache_XBitHack.mdwn @@ -0,0 +1,6 @@ +I'd like to be able to use the Apache XBitHack to enable Server Side Includes on my site. Yes, it is possible to enable SSI by setting the page extension to .shtml, and that is what I am doing at the moment. +However, the disadvantage of this approach is that the server does not give a LastModified header, which means that the content can't be cached. However, the way that I am using SSI is such that the main content of the page really is "last modified" when the page was last modified, so I'd like to be able to indicate that. And using the XBitHack - that is, setting the executable bit on the generated page - would enable me to do that. + +I gather from the [[security]] page that having the executable bit set on files is considered a security hole, but how big a hole would it be if I'm the only one editing the site? Is there a way, a somewhat safe way, of implementing XBitHack for IkiWiki? + +-- [[KathrynAndersen]] diff --git a/doc/ikiwikiusers.mdwn b/doc/ikiwikiusers.mdwn index d69e0a4c9..4f823353e 100644 --- a/doc/ikiwikiusers.mdwn +++ b/doc/ikiwikiusers.mdwn @@ -168,7 +168,7 @@ Personal sites and blogs * [pmate](http://pmate.nfshost.com)'s homepage and [blog](http://pmate.nfshost.com/blog/) * [tychoish.com](http://tychoish.com/) - a blog/wiki mashup. blog posts are "rhizomes." * [Martin Burmester](http://www.martin-burmester.de/) -* [Øyvind A. Holm (sunny256)](http://www.sunbase.org) +* [Øyvind A. Holm (sunny256)](http://www.sunbase.org) — Read my Ikiwiki praise [here](http://www.sunbase.org/blog/why_ikiwiki/). Please feel free to add your own ikiwiki site! diff --git a/doc/plugins/contrib/justlogin.mdwn b/doc/plugins/contrib/justlogin.mdwn index ef3d1bfff..90645b9ef 100644 --- a/doc/plugins/contrib/justlogin.mdwn +++ b/doc/plugins/contrib/justlogin.mdwn @@ -1,4 +1,4 @@ -This plugin is still in development. Currently it does bring up the login page and the login page does, with proper credentials, log in the user, but the returning page goes to prefs. I have no idea why. +This plugin has been abandoned while still in development. Currently it does bring up the login page and the login page does, with proper credentials, log in the user, but the returning page goes to prefs. I have no idea why. I decided to go in another direction so if someone wants to take over then please do so. Otherwise I have no problem if this page needs to be deleted. [[users/justint/]] Place this code into a page: diff --git a/doc/security.mdwn b/doc/security.mdwn index 52d9d3dc0..770927e26 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -441,7 +441,7 @@ A fix was also backported to Debian etch, as version 2.53.5. I recommend upgrading to one of these versions if your wiki can be edited by third parties. -## javascript insertation via insufficient htmlscrubbing of comments +## javascript insertion via insufficient htmlscrubbing of comments Kevin Riggle noticed that it was not possible to configure `htmlscrubber_skip` to scrub comments while leaving unscubbed the text @@ -454,7 +454,7 @@ preview or moderation of comments with such a configuration. These problems were discovered on 12 November 2010 and fixed the same hour with the release of ikiwiki 3.20101112. ([[!cve CVE-2010-1673]]) -## javascript insertation via insufficient checking in comments +## javascript insertion via insufficient checking in comments Dave B noticed that attempting to comment on an illegal page name could be used for an XSS attack. diff --git a/doc/todo/pingback_support.mdwn b/doc/todo/pingback_support.mdwn index b10366bda..7b3b158ee 100644 --- a/doc/todo/pingback_support.mdwn +++ b/doc/todo/pingback_support.mdwn @@ -37,3 +37,5 @@ case I will consider this done with an entry in [[tips]]; otherwise a > whenever a page is posted or edited, and gets the changed content, it can > simply scan it for urls (may have to htmlize first?), and send pings to > all urls found. --[[Joey]] + +>> Is there any update on this? This would be highly useful and is the main reason why I am not using my blog more regularly, yet. (And yes, now that git-annex is doing everything I need and more, I thought I should revisit this one, as well). -- RichiH |