aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
...
* Fix syntax.intrigeri2019-04-10
|
* Submit branch for review.intrigeri2019-04-10
|
* update my comment to reflect new commits on that branchjmtd2019-03-30
|
* initial implementation (I was unable to use untrusted git push to add this ↵jmtd2019-03-29
| | | | comment)
* (no commit message)mike@8d1a742254a41aaff8dd19404183dce96fac24ba2019-03-06
|
* (no commit message)krukova.ann@14e9655c363b07d848ae6d37ce799ad41f0c51fb2019-03-06
|
* (no commit message)krukova.ann@14e9655c363b07d848ae6d37ce799ad41f0c51fb2019-03-06
|
* Merge remote-tracking branch 'origin/master'Simon McVittie2019-02-28
|\
| * This reverts commit 727147aa6e50229178fb853f26c9c340fa789799anarcat2019-02-26
| |
| * (no commit message)machine_brain2019-02-25
| |
* | Announce 3.20190228 and 3.20170111.1Simon McVittie2019-02-28
| |
* | Add an anchor for /security/#cve-2019-9187Simon McVittie2019-02-28
| |
* | Prepare 3.20190228 for future releaseSimon McVittie2019-02-26
| |
* | doc: Document security issues involving LWP::UserAgentSimon McVittie2019-02-26
| | | | | | | | | | | | | | | | | | | | Recommend the LWPx::ParanoidAgent module where appropriate. It is particularly important for openid, since unauthenticated users can control which URLs that plugin will contact. Conversely, it is non-critical for blogspam, since the URL to be contacted is under the wiki administrator's control. Signed-off-by: Simon McVittie <smcv@debian.org>
* | useragent: Automatically choose whether to use LWPx::ParanoidAgentSimon McVittie2019-02-26
| | | | | | | | | | | | | | | | | | | | | | | | | | The simple implementation of this, which I'd prefer to use, would be: if we can import LWPx::ParanoidAgent, use it; otherwise, use LWP::UserAgent. However, aggregate has historically worked with proxies, and LWPx::ParanoidAgent quite reasonably refuses to work with proxies (because it can't know whether those proxies are going to do the same filtering that LWPx::ParanoidAgent would). Signed-off-by: Simon McVittie <smcv@debian.org>
* | useragent: Don't allow non-HTTP protocols to be usedSimon McVittie2019-02-26
| | | | | | | | | | | | | | This prevents the aggregate plugin from being used to read the contents of local files via file:/// URLs. Signed-off-by: Simon McVittie <smcv@debian.org>
* | useragent: Raise an exception if the LWP module can't be loadedSimon McVittie2019-02-24
|/ | | | Signed-off-by: Simon McVittie <smcv@debian.org>
* po: Always filter .po filesSimon McVittie2019-02-24
| | | | | | | | | | | | | | | | | | | | The input to filter hooks is meant to be the content of a source file on disk. If we only filter once per (page, destpage) pair, and a page is inlined into the same destpage more than once, then the second occurrence will render as the result of htmlizing .po source as if it was Markdown (or whatever the type of the corresponding master page is), which is never going to end well. The alreadyfiltered mechanism was added in commit 1e874b3f to avoid preprocessing loops, but I'm not sure where it could lead to a loop: filter hooks are only called from IkiWiki::filter, which is only called on page content from disk or on proposed content being previewed. According to <https://bugs.debian.org/911356#41>, deleting the alreadyfiltered mechanism resolves the problem, as well as simplifying the code. Closes: #911356 Tested-by: intrigeri
* Recommend against cvsps3 (haven't tried it).Amitai Schleier2019-02-13
|
* Announce v3.20190207Simon McVittie2019-02-07
| | | | Signed-off-by: Simon McVittie <smcv@debian.org>
* Prepare new releaseSimon McVittie2019-02-07
| | | | Signed-off-by: Simon McVittie <smcv@debian.org>
* reviewSimon McVittie2019-02-03
|
* commentSimon McVittie2019-02-03
|
* tag as reviewedsmcv2019-02-03
|
* respondsmcv2019-02-03
|
* Exclude reviewed patches from this listsmcv2019-02-03
|
* closeSimon McVittie2019-02-03
|
* append javascript after CSSAntoine Beaupré2019-02-03
| | | | | | | | | | | | | | Javascript resources should be presented to browsers after CSS, and "after the fold" (ATF) according to the best practices: https://developers.google.com/speed/docs/insights/mobile#PutStylesBeforeScripts This change allows the browser to download Javascript files in parallel, by including Javascript on the *closing* </body> tag instead of the opening tag. We also improve the regex to tolerate spaces before the body tag, as some templates have (proper) indentation for the tag.
* Remove unreachable git repositoriesSimon McVittie2019-02-03
| | | | Signed-off-by: Simon McVittie <smcv@debian.org>
* Mark as appliedSimon McVittie2019-02-03
| | | | Signed-off-by: Simon McVittie <smcv@debian.org>
* remove the "add comment" button from printed mediaAntoine Beaupré2019-02-03
|
* Add a missing changelog entry.Amitai Schleier2019-02-03
|
* Update changelogSimon McVittie2019-02-03
| | | | Signed-off-by: Simon McVittie <smcv@debian.org>
* Allow Breezy as alternative to Bazaar.Jelmer Vernooij2019-02-03
| | | | (cherry picked from commit a07f048d9fc99928ebbb74b34f5d1932ff3d7884)
* comments.t: Assert that comments get permalink metadataSimon McVittie2019-02-03
| | | | Signed-off-by: Simon McVittie <smcv@debian.org>
* comments.t: Exercise post-2009 comment namingSimon McVittie2019-02-03
| | | | | | Since commit 6af6c89d, comments are in files whose names contain a hash. Signed-off-by: Simon McVittie <smcv@debian.org>
* old regexp would have failed for old comment page namessmcv2019-02-03
|
* git-cgi.t: Exercise an alphanumeric, but non-ASCII, root pageSimon McVittie2019-02-03
| | | | | | | | | | | | | My previous attempt to reproduce this bug used a non-alphanumeric ASCII character. This is not currently considered to be a valid value for rootpage, although for a "do what I mean" approach, perhaps we should accept it and pass it through titlepage() or linkpage(). Using Chinese characters (which are considered to match [[:alnum:]] even though the Chinese script is not, strictly speaking, an alphabet), as in the original bug report, reproduces the bug. Signed-off-by: Simon McVittie <smcv@debian.org>
* Fix inline plugin for non-ASCII rootpageFeng Shu2019-02-03
|
* t: Exercise Chinese and Cyrillic page titlesSimon McVittie2019-02-03
| | | | Signed-off-by: Simon McVittie <smcv@debian.org>
* trail: Allow unescaped punctuation in pagenamesSimon McVittie2019-02-03
| | | | | | | By processing the pagenames through linkpage, we let users specify page names that contain non-alphanumerics in a more natural way. Signed-off-by: Simon McVittie <smcv@debian.org>
* trail.t: Exercise numeric escapes in pagenames parameterSimon McVittie2019-02-03
| | | | Signed-off-by: Simon McVittie <smcv@debian.org>
* linkpage.t: Assert we can link to pages with literal underscoreSimon McVittie2019-02-03
| | | | Signed-off-by: Simon McVittie <smcv@debian.org>
* t: Consistently remove temp directory before testing, not afterSimon McVittie2019-02-03
| | | | | | When a test fails, it's useful to be able to inspect the output. Signed-off-by: Simon McVittie <smcv@debian.org>
* build: Add `make reset-generated`Simon McVittie2019-02-03
| | | | Signed-off-by: Simon McVittie <smcv@debian.org>
* pagetitle.t, linkpage.t, titlepage.t: Exercise Unicode moreSimon McVittie2019-02-03
| | | | Signed-off-by: Simon McVittie <smcv@debian.org>
* link to recently-added testssmcv2019-01-31
|
* I'm confused about what the bug is, and what's being fixed. Can you give a ↵smcv2019-01-31
| | | | complete test or example?
* close bugSimon McVittie2019-01-31
|
* Update changelogSimon McVittie2019-01-31
|
generated by cgit v1.2.3 (git 2.45.0) at 2024-11-17 07:18:25 +0000