Commit message (Author, Age)
* img: force common Web formats to be interpreted according to extension (Simon McVittie, 2016-05-05)
|   A site administrator might unwisely set allowed_attachments to something like '*.jpg or *.png'; if they do, an attacker could attach, for example, a SVG file named attachment.jpg. This mitigates CVE-2016-3714.
* HTML-escape error messages (OVE-20160505-0012) (Simon McVittie, 2016-05-05)
|   The instance in cgierror() is a potential cross-site scripting attack, because an attacker could conceivably cause some module to raise an exception that includes attacker-supplied HTML in its message, for example via a crafted filename. (OVE-20160505-0012)
|   The instances in preprocess() are just correctness. It is not a cross-site scripting attack, because an attacker could equally well write the desired HTML themselves; the sanitize hook is what protects us from cross-site scripting here.
* all good (https://id.koumbit.net/anarcat, 2016-05-04)
|
* (no commit message) (smcv, 2016-05-04)
|
* response: confirmation it's a bug in MMD and Discount doesn't have ↵ (https://id.koumbit.net/anarcat, 2016-05-04)
|   footnotes, and request for workaround
* discount (as used on this wiki) can do footnotes, but they aren't enabled by ↵ (smcv, 2016-05-04)
|   ikiwiki
* response (smcv, 2016-05-04)
|
* response (Joey Hess, 2016-05-02)
|
* (no commit message) (https://id.koumbit.net/anarcat, 2016-04-29)
|
* response (https://id.koumbit.net/anarcat, 2016-04-28)
|
* Merge branch 'master' of ssh://git.ikiwiki.info (Joey Hess, 2016-04-28)
|\
| * (no commit message) (https://id.koumbit.net/anarcat, 2016-04-28)
| |
| * http/https issue (https://id.koumbit.net/anarcat, 2016-04-28)
| |
* | response (Joey Hess, 2016-04-28)
| |
* | Merge remote-tracking branch 'origin/master' (Joey Hess, 2016-04-28)
|\|
| * smaller is too small for large blocks (Antoine Beaupré, 2016-04-26)
| |
| * fix typo and comment (Antoine Beaupré, 2016-04-26)
| |
| * new CSS bug (Antoine Beaupré, 2016-04-26)
| |
| * explain footnotes (https://id.koumbit.net/anarcat, 2016-04-26)
| |
| * Changed the expired domain and added question (desci, 2016-04-18)
| |
| * Fixed dead link. (RickHanson, 2016-04-17)
| |
| * add screenshot (Antoine Beaupré, 2016-04-15)
| |
| * fix typos (Antoine Beaupré, 2016-04-15)
| |
| * announce the admonition plugin (Antoine Beaupré, 2016-04-15)
| |
| * elaborate copyright investigation. ugh. (Antoine Beaupré, 2016-04-15)
| |
| * response (Antoine Beaupré, 2016-04-15)
| |
| * can't login again (Antoine Beaupré, 2016-04-15)
| |
| * escape (smcv, 2016-04-15)
| |
| * templates are another way to do this (smcv, 2016-04-15)
| |
| * (no commit message) (smcv, 2016-04-15)
| |
| * a weird authentication bug (Antoine Beaupré, 2016-04-15)
| |
| * admonitions proposal (Antoine Beaupré, 2016-04-15)
| |
| * Arguing more (desci, 2016-04-15)
| |
| * Added systemd for nginx (desci, 2016-04-15)
| |
| * (no commit message) (desci, 2016-04-14)
| |
| * Document new feature. (spalax, 2016-04-14)
| |
| * clarify that theme and css is not only to change stylesheets, but the look ↵ (https://id.koumbit.net/anarcat, 2016-04-13)
| |   in general
| * link to localstyle after a user struggled for hours to figure out exactly that (https://id.koumbit.net/anarcat, 2016-04-13)
| |
| * explain why multiple page.tmpl is a showstopper for upstream even if not for ↵ (smcv, 2016-04-12)
| |   local themes
| * (no commit message) (desci, 2016-04-11)
| |
| * Updated link (desci, 2016-04-11)
| |
| * Updated link (desci, 2016-04-11)
| |
| * Edited old sentence to reference the forum (desci, 2016-04-11)
| |
| * (no commit message) (desci, 2016-04-11)
| |
| * Asked Joey to reconsider (desci, 2016-04-11)
| |
| * Added yet another bootstrap theme (desci, 2016-04-11)
| |
| * Added question (desci, 2016-04-11)
| |
| * There's also a config file option. (spwhitton, 2016-04-09)
| |
| * Marketing (desci, 2016-04-09)
| |
| * Delivering what I've promised (desci, 2016-04-09)
| |