| Commit message (Expand) | Author | Age |
|---|
| * | comments: Fix XSS security hole due to missing validation of page name.•••Values have to be checked against wiki_file_regexp, not just file_pruned.
Audited the rest of the code base for similar problems, found none.
| Joey Hess | 2011-01-22 |
| * | use cgitemplate, remove misctemplate | Joey Hess | 2011-01-05 |
| * | add cgitemplate•••cgitemplate is a modified misctemplate that takes an optional cgi object
and uses it to set the baseurl, and also optionally the forcebaseurl,
if a page is provided.
If no cgi object is provided, it will fall back to using $config{url}.
I expect this will only be needed in exceptional cases where
that doesn't much matter, such as cgierror().
showform uses cgitemplate, so there is no more need for showform_preview.
| Joey Hess | 2011-01-05 |
| * | better handling of relative permalinks•••This way, do=goto will go to the page relative to
the current location, while the permalinks in feeds
will be absolute (unless an url is not configured at all).
| Joey Hess | 2011-01-05 |
| * | Fix permalinks to recentchanges items and comments, broken by last release.•••permalinks always need to be full urls
| Joey Hess | 2011-01-05 |
| * | Fix base url when previewing. Was broken by urlto changes in last release.•••Added a showform_preview that is like showform, but sets forcebaseurl
to point to the page being previewed.
| Joey Hess | 2011-01-05 |
| * | editpage, comment: Clean up title when editing or creating a page or comment.•••Now that page.tmpl is used for cgi, the parentlinks are able to be
displayed even when creating or editing a page. So it's redundant to
include the path to the page in the title, remove it.
| Joey Hess | 2010-12-25 |
| * | use one-parameter form of urlto | Joey Hess | 2010-11-29 |
| * | Pass a CGIURL into commentmoderation.tmpl•••Omitting this resulted <form action=""> which is in fact a working
self-referential form, but is less obvious than it ought to be.
| Simon McVittie | 2010-11-23 |
| * | Use local paths for most references to pages | Simon McVittie | 2010-11-23 |
| * | Use local paths for the CGI URL | Simon McVittie | 2010-11-23 |
| * | Use local paths for redirection where possible | Simon McVittie | 2010-11-23 |
| * | comments: Make comment() pagespec also match comments that are being posted. | Joey Hess | 2010-11-12 |
| * | comments: Make postcomment() pagespec work when previewing a comment. | Joey Hess | 2010-11-12 |
| * | Merge branch 'filter-full' | Joey Hess | 2010-07-12 |
| |\ |
|
| | * | remove unnecessary and troublesome filter calls•••This better defines what the filter hook is passed, to only be the raw,
complete text of a page. Not some snippet, or data read in from an
unrelated template.
Several plugins that filtered text that originates from an (already
filtered) page were modified not to do that. Note that this was not
done very consistently before; other plugins that receive text from a
page called preprocess on it w/o first calling filter.
The template plugin gets text from elsewhere, and was also changed not to
filter it. That leads to one known regression -- the embed plugin cannot
be used to embed stuff in templates now. But that plugin is deprecated
anyway.
Later we may want to increase the coverage of what is filtered. Perhaps
a good goal would be to allow writing a filter plugin that filters
out unwanted words, from any input. We're not there yet; not only
does the template plugin load unfiltered text from its templates now,
but so can the table plugin, and other plugins that use templates (like
inline!). I think we can cross that bridge when we come to it. If I wanted
such a censoring plugin, I'd probably make it use a sanitize hook instead,
for the better coverage.
For now I am concentrating on the needs of the two non-deprecated users
of filter. This should fix bugs/po_vs_templates, and it probably fixes
an obscure bug around txt's use of filter for robots.txt.
| Joey Hess | 2010-07-04 |
| * | | comments: Added commentmoderation directive for easy linking to the comment m... | Joey Hess | 2010-07-05 |
| * | | comment: Fix problem moderating comments of certian pages with utf-8 in their... | Joey Hess | 2010-07-04 |
| |/ |
|
| * | finializing openid nickname support•••Renamed usershort => nickname.
Note that this means existing user login sessions will not have the nickname
recorded, and so it won't be used for those.
| Joey Hess | 2010-06-23 |
| * | rcs_commit and rcs_commit_staged api changes•••Using named parameters for these is overdue. Passing the session in a
parameter instead of passing username and IP separately will later allow
storing other session info, like username or part of the email.
Note that these functions are not part of the exported API,
and the prototype change will catch (most) skew, so I am not changing
API versions. Any third-party plugins that call them will need updated
though.
| Joey Hess | 2010-06-23 |
| * | stop using REMOTE_ADDR•••Everywhere that REMOTE_ADDR was used, a session object is available, so
instead use its remote_addr method.
In IkiWiki::Receive, stop setting a dummy REMOTE_ADDR.
Note that it's possible for a session cookie to be obtained using one IP
address, and then used from another IP. In this case, the first IP will now
be used. I think that should be ok.
| Joey Hess | 2010-06-23 |
| * | avoid dying if cannot chdir to an underlaydir | Joey Hess | 2010-06-17 |
| * | Fix issues with combining unicode srcdirs and source files.•••A short story:
Once there was a unicode string, let's call him Srcdir.
Along came a crufy old File::Find, who went through a tree and pasted each
of the leaves in turn onto Srcdir. But this 90's relic didn't decode the
leaves -- despite some of them using unicode! Poor Srcdir, with these
leaves stuck on him, tainted them with his nice unicode-ness. They didn't
look like leaves at all, but instead garbage.
(In other words, perl's unicode support sucks mightily, and drives
us all to drink and bad storytelling. But we knew that..)
So, srcdir is not normally flagged as unicode, because typically it's pure
ascii. And in that case, things work ok; File::Find finds filenames, which
are not yet decoded to unicode, and appends them to the srcdir, and then
decode_utf8 happily converts the whole thing.
But, if the srcdir does contain utf8 characters, that breaks. Or, if a Yaml
setup file is used, Yaml::Syck's implicitunicode sets the unicode flag of
*all* strings, even those containing only ascii. In either case, srcdir
has the unicode flag set; a non-decoded filename is appended, and the flag
remains set; and decode_utf8 sees the flag and does *nothing*. The result
is that the filename is not decoded, so looks valid and gets skipped.
File::Find only sticks the directory and filenames together in no_chdir
mode .. but we need that mode for security. In order to retain the
security, and avoid the problem, I made it not pass srcdir to File::Find.
Instead, chdir to the srcdir, and pass ".". Since "." is ascii, the problem
is avoided.
Note that chdir srcdir is safe because we check for symlinks in the srcdir
path.
Note that it takes care to chdir back to the starting location. Because
the user may have specified relative paths and so staying in the srcdir
might break. A relative path could even be specifed for an underlay dir, so
it chdirs back after each.
| Joey Hess | 2010-06-15 |
| * | editpage, comments: Fix broken links in sidebar (due to forcebaseurl). (Thank... | Joey Hess | 2010-06-14 |
| * | let's allow comments of "0" | Joey Hess | 2010-06-09 |
| * | fix uninitalized value warning | Joey Hess | 2010-05-21 |
| * | Fix a typo in the last release. | Joey Hess | 2010-05-18 |
| * | Fix a bug that prevented matching deleted comments, and so did not update pag...•••Problem is that by the time rendering calls render_dependent, %pagesources
has had deleted files removed from it. So match_comment's lookup of
files in there to see if they had the _comment extension failed.
I had to introduce a hash that temporarily holds filenames of deleted pages
to fix this.
Note that unlike comment(), internal() had avoided this pitfall by being
defined to match both internal and non-internal pages.
| Joey Hess | 2010-05-18 |
| * | force scalar context | Joey Hess | 2010-05-17 |
| * | Revert "avoid showing comment post stuff on dynamic pages"•••This reverts commit 4a6d5330e5b9554f1bd25b9025dd96200c6519c7.
That was too ugly, the DYNAMIC test on page.tmpl will avoid the problem
anyway -- just needs to be added.
| Joey Hess | 2010-05-15 |
| * | avoid showing comment post stuff on dynamic pages•••If the site is configured to allow comments on *, then the comment post
interface was being added to cgi pages like signin and prefs. This fixes it
w/o requiring more page.tmpl changes. The pagetemplate hook is called by
misctemplate with an empty page name for dynamic pages.
| Joey Hess | 2010-05-15 |
| * | Merge branch 'master' into commentreorg | Joey Hess | 2010-05-07 |
| |\ |
|
| | * | avoid linking directly to ikiwiki.cgi?do=signin•••Instead, add a custom do=commentsignin, that calls cgi_signin.
This allows a plugin to inject a custom cgi_signin, that uses a different
do= parameter, and have it be used consitently. (This was the only
place to hardcode a link to do=signin.)
| Joey Hess | 2010-05-07 |
| * | | fix comment matching pagespecs•••test isinternal first, because match_glob with internal => 1 also returns
non-internal pages that match. This order should also be faster.
Remove test to see if pagesources is set. isinternal will not succeed if it
is not.
| Joey Hess | 2010-05-07 |
| * | | better wording | Joey Hess | 2010-05-07 |
| * | | bugfix | Joey Hess | 2010-05-07 |
| * | | bugfixes | Joey Hess | 2010-05-07 |
| * | | check that pagesources exists before testing | Joey Hess | 2010-05-07 |
| * | | fix match_comment | Joey Hess | 2010-05-07 |
| * | | moved comments pending moderation•••* comments: Comments pending moderation are now stored in the srcdir
alongside accepted comments, but with a `._comment_pending` extension.
* This allows easier byhand moderation, as the "_pending" need
only be stripped off and the comment be committed to version control.
* The `comment_pending()` pagespec can be used to match such unmoderated
comments, which makes it easy to add a feed of them, or a counter
indicating how many there are.
* Belatedly added a `comment()` pagespec.
| Joey Hess | 2010-05-06 |
| |/ |
|
| * | adapt comment.tmpl to html5•••Note that I put comment-header in a <header> despite it being
below the comment. Using a <footer> would be confusing given
the class name. Also, the content is semantically closer to
a header than a footer.
| Joey Hess | 2010-05-02 |
| * | Add parameter to displaytime to specify that it is a pubdate, and in html5 mo... | Joey Hess | 2010-05-02 |
| * | template() - return params in list context•••I forgot CGI::Formbuilder's horrible interface that needs template
parameters instead of a constructed object.
| Joey Hess | 2010-04-24 |
| * | look for templates in srcdir and underlays, first•••This entailed changing template_params; it no longer takes the template
filename as its first parameter.
Add template_depends to api and replace calls to template() with
template_depends() in appropriate places, where a dependency should be
added on the template.
Other plugins don't use template(), so will need further work.
Also, includes are disabled for security. Enabling includes only when using
templates from the templatedir would be nice, but would add a lot of
complexity to the implementation.
| Joey Hess | 2010-04-22 |
| * | bugfix•••Avoid file_pruned triggering on absolute paths causing the whole
comments_pending directory being pruned.
Simplify code.
| Joey Hess | 2010-04-20 |
| * | fix stat to use unmunged filename | Joey Hess | 2010-04-20 |
| * | oops, fix for no_chdir mode•••$_ will be absolute then
| Joey Hess | 2010-04-20 |
| * | use one parameter form of file_pruned here too•••In File::Find, $_ is relative to the current directory, so that is ok.
Also, the directory name doesn't need to be stripped from $_.
| Joey Hess | 2010-04-20 |
| * | unfinished file_prune revamp•••Many calls to file_prune were incorrectly calling it with 2 parameters.
In cases where the filename being checked is relative to the srcdir,
that is not needed.
Made absolute filenames be pruned. (This won't work for the 2 parameter call
style.)
| Joey Hess | 2010-04-17 |
| * | HTML-encode meta title, description, guid on output, but not in the pagestate•••This makes them consistent with the rest of the meta keys. A wiki rebuild
will be needed on upgrade to this version; until the wiki is rebuilt,
double-escaping will occur in the titles of pages that have not changed.
| Simon McVittie | 2010-04-06 |