| Commit message (Expand) | Author | Age |
|---|
| * | Merge remote branch 'smcv/ready/sslcookie-auto' | Joey Hess | 2010-11-29 |
| |\ |
|
| | * | Always set secure cookies if logging in via HTTPS | Simon McVittie | 2010-11-29 |
| * | | Use local path for even more CGI URLs | Simon McVittie | 2010-11-23 |
| * | | Use local paths for redirection where possible | Simon McVittie | 2010-11-23 |
| |/ |
|
| * | stop using REMOTE_ADDR•••Everywhere that REMOTE_ADDR was used, a session object is available, so
instead use its remote_addr method.
In IkiWiki::Receive, stop setting a dummy REMOTE_ADDR.
Note that it's possible for a session cookie to be obtained using one IP
address, and then used from another IP. In this case, the first IP will now
be used. I think that should be ok.
| Joey Hess | 2010-06-23 |
| * | allow misctemplate callers to pass params to suppress actions etc•••Suppress disiplay of small search for on search results page, and of
Prefrences link on prefs page.
| Joey Hess | 2010-05-14 |
| * | moved non-openid signin form into same page as openid selector; show/hide as ... | Joey Hess | 2010-05-08 |
| * | simplify formbuilder stylesheet specification•••Since all forms are wrapped in a template that defines the actual
stylesheets, formbuilder just has to be told to turn on stylesheet mode,
not what file is the style sheet.
| Joey Hess | 2010-05-06 |
| * | brace style | Joey Hess | 2010-01-18 |
| * | typos | Joey Hess | 2010-01-18 |
| * | make decode_form_utf8 safe for arrays | Joey Hess | 2010-01-09 |
| * | 404/goto: Fix 404 display of utf-8 pages.•••Problem here was that no charset http header was being sent.
I fixed this globally by making cgi_custom_failure send the header.
Required changing its parameters.
| Joey Hess | 2009-12-14 |
| * | fix url encoding in redir•••When redirecting to a page, ie, after editing, ensure that the url is
uri-encoded. Most browsers other than MSIE don't care, but it's the right
thing to do.
The known failure case involved editing a page that had utf-8 in the name
using MSIE.
| Joey Hess | 2009-10-29 |
| * | Expand banned_users; it can now include PageSpecs, which allows banning by IP... | Joey Hess | 2009-09-08 |
| * | Fix typo attepting→attempting | Jonas Smedegaard | 2009-07-23 |
| * | detect sslcookie set and no https•••This is likely a misconfiguration and can cause login to fail as the
browser refuses the send the session cookie back over http.
Not entirely happy with putting the check where I did, since users have to
try to log in, and fail, to see the misconfiguration explained. But I could
not find a better place to put the check.
| Joey Hess | 2009-02-26 |
| * | factor out IE stupididy workaround | Joey Hess | 2009-01-31 |
| * | Split cgi_goto into a goto plugin | Simon McVittie | 2009-01-31 |
| * | Split apache404 into an independent plugin•••Also make it ignore the 'do' parameter at Joey's suggestion, to have one
less thing to remember when configuring.
| Simon McVittie | 2009-01-31 |
| * | CGI: pad error responses with 512 bytes of spaces so IE will display them•••IE displays its own error responses unless the server's was >= 512 bytes.
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q294807
| Simon McVittie | 2009-01-31 |
| * | CGI: set up goto hook so that /ikiwiki.cgi?do=goto can be an Apache ErrorDocu... | Simon McVittie | 2009-01-31 |
| * | CGI: add cgi_page_from_404(), which remaps a path like $REDIRECT_URL to an Ik...•••Also add a regression test
| Simon McVittie | 2009-01-31 |
| * | CGI: if the page is missing, give the "missing page" a 404 status | Simon McVittie | 2009-01-31 |
| * | CGI: document why commenter and recentchanges_link are supported | Simon McVittie | 2009-01-31 |
| * | CGI: if the "do" parameter is goto, recentchanges_link or commenter, redirect...•••This can replace equivalent functionality in comments and recentchanges.
| Simon McVittie | 2009-01-31 |
| * | CGI: add cgi_goto(CGI, [page])•••This redirects to the given page (or if none is given, the page parameter
given to the CGI), or displays an error with a create link if the page
doesn't exist.
| Simon McVittie | 2009-01-31 |
| * | remove deprecated admin prefs•••A new ikiwiki-transition moveprefs subcommand can pull the old data out of
the userdb and inject it into the setup file.
Note that it leaves the old values behind in the userdb too. I did this
because I didn't want to lose data if it fails writing the setup file for
some reason, and the old data in the userdb will only use a small amount of
space. Running the command multiple times will mostly not change anything.
| Joey Hess | 2008-12-24 |
| * | Coding style change: Remove explcit vim folding markers. | Joey Hess | 2008-12-17 |
| * | checksessionexpiry: rework•••This function as factored out was a bit confusing, I think this makes more
sense.
| Joey Hess | 2008-12-17 |
| * | editpage: factor out checksessionexpiry into IkiWiki::CGI | Simon McVittie | 2008-12-11 |
| * | Fix issue with utf-8 in wikiname breaking session cookies, by entity-encoding... | Joey Hess | 2008-10-19 |
| * | editpage: New core plugin factoring out page editing to allow disabling it if... | Joey Hess | 2008-09-05 |
| * | Set cookies HttpOnly. | Joey Hess | 2008-08-28 |
| * | typo | Joey Hess | 2008-08-05 |
| * | relocate | Joey Hess | 2008-08-02 |
| * | banned_users move to setup file, stage 1 | Joey Hess | 2008-08-01 |
| * | add a rename summary | Joey Hess | 2008-07-22 |
| * | Split out error messages from editpage.tmpl into several separate templates. | Joey Hess | 2008-07-22 |
| * | only htmlize errors when cgi is actually running | Joey Hess | 2008-07-12 |
| * | fix use ordering•••The recent setup revamp exposed some latent bugs in use/package ordering
that caused some symbols to not the exported into the correct scope.
| Joey Hess | 2008-07-11 |
| * | Fixes creation of pages when clicking on WikiLinks starting with "/". | Joey Hess | 2008-07-10 |
| * | work around CGI::Session constructor issues•••The constructor can fail with a useless error message if module fail to
load. Work around this by evaling it, and checking for failures, and
printing CGI::Session->errstr to get a more useful message.
| Joey Hess | 2008-07-10 |
| * | editpage escaping fixes•••* The editpage form now uses the raw page name, not the page title, in its
'page' cgi parameter. Using the title was ambiguous and made it
impossible to tell between some pages, like "foo/bar" and "foo__47__bar",
sometimes causing the wrong page to be edited.
* This change means that some edit links need to be updated.
Force a rebuild on upgrade to this version.
* Above change also allowed really fixing escaped slashes from the blogpost
form.
| Joey Hess | 2008-07-06 |
| * | better approach for cgi upload disabling•••Make it a config setting, this way subtle load order issues don't come into
play. (As much?)
| Joey Hess | 2008-07-01 |
| * | simplification | Joey Hess | 2008-07-01 |
| * | disable cgi uploads earlier•••This allows plugins that want to enable uploads to do so by changing the
value of $CGI::DISABLE_UPLOADS at some point before the cgi hook is run.
| Joey Hess | 2008-06-30 |
| * | remove unused editpage title•••The title was set to editpage, but then always changed.
And some code tested for this. Remove this dead code.
| Joey Hess | 2008-06-30 |
| * | Configure CGI.pm to disable file uploads by default. | Joey Hess | 2008-06-30 |
| * | call format hooks when generating page previews•••* toc: Revert change in 2.45 that made it run at sanitize time. This breaks
use of toc in a sidebar.
* Call format hooks when generating page previews, thus fixing toc display
there, as well as fixing inlins to again display in page previews, since
it's started using format hooks. This also allows several other things,
like embed, that use format hooks, to work during page preview time.
* Format hooks should not rely on getting an entire html document, as they
will only get the body during page preview.
* toggle: Deal with preview mode when adding javascript.
| Joey Hess | 2008-06-28 |
| * | Pass a destpage parameter to the sanitize hook.•••Because the search plugin needed it, also because it's one of the few
plugins that didn't already have it.
I also considered adding it to htmlize, but I really cannot imagine caring
what the destpage is when htmlizing. (I'll probably be poven wrong later.)
| Joey Hess | 2008-06-04 |