aboutsummaryrefslogtreecommitdiff
path: root/IkiWiki/Plugin
Commit message (Collapse)AuthorAge
* Make the attachment plugin work with CGI.pm 4.x (Closes: #786586; workaround ↵Simon McVittie2015-06-07
| | | | for #786587 in libcgi-pm-perl)
* Do not directly enable emailauth by default, only indirectly via openidSimon McVittie2015-05-27
| | | | | | | This avoids nasty surprises on upgrade if a site is using httpauth, or passwordauth with an account_creation_password, and relying on only a select group of users being able to edit the site. We can revisit this for ikiwiki 4.
* sohrten url in subjectJoey Hess2015-05-19
|
* nicer layout of subjectJoey Hess2015-05-19
|
* add url to subject of emailJoey Hess2015-05-19
| | | | | The wikiname can be pretty un-helpful, the user will probably regognise the url since they were just at it.
* cloak user PII when making commits etc, and let cloaked PII be used in ↵Joey Hess2015-05-14
| | | | | | | | | | | | | | banned_users This was needed due to emailauth, but I've also wrapped all IP address exposure in cloak(), although the function doesn't yet cloak IP addresses. (One IP address I didn't cloak is the one that appears on the password reset email template. That is expected to be the user's own IP address, so ok to show it to them.) Thanks to smcv for the pointer to http://xmlns.com/foaf/spec/#term_mbox_sha1sum
* passwordauth: Don't allow registering accounts that look like openids.Joey Hess2015-05-14
| | | | | Also prohibit @ in account names, in case the file regexp was relaxed to allow it.
* don't let emailauth user's email address be changed on preferences pageJoey Hess2015-05-13
| | | | | | There's no real problem if they do change it, except they may get confused and expect to be able to log in with the changed email and get the same user account.
* when an emailauth user posts a comment, use the username only, not the full ↵Joey Hess2015-05-13
| | | | | | | | | | | email address This makes the email not be displayed on the wiki, so spammers won't find it there. Note that the full email address is still put into the comment template. The email is also used as the username of the git commit message (when posting comments or page edits). May want to revisit this later.
* avoid showing password prefs for emailauth userJoey Hess2015-05-13
|
* fix up session cookieJoey Hess2015-05-13
|
* emailauth link sent and verified; user login worksJoey Hess2015-05-13
| | | | | Still some work to do since the user name is an email address and should not be leaked.
* move stub auth hook to loginselectorJoey Hess2015-05-13
|
* email auth plugin now works through email address entryJoey Hess2015-05-13
|
* Converted openid-selector into a more generic loginselector helper plugin.Joey Hess2015-05-13
|
* rename openid selector files to login-selectorJoey Hess2015-05-13
|
* further generalization of openid selectorJoey Hess2015-05-13
| | | | Now template variables can be set to control which login methods are shown
* generalized the openid selector to a login selectorJoey Hess2015-05-13
| | | | | | | | | This includes some CSS changes to names of elements. Also, added Email login button (doesn't work yet of course), and brought back the small openid login buttons. Demoted yahoo and verison to small buttons. This makes the big buttons be the main login types, and the small buttons be provider-specific helpers.
* When openid and passwordauth are the only enabled auth plugins, make the ↵Joey Hess2015-05-13
| | | | openid selector display "Password" instead of "Other", so users are more likely to click on it when they don't have an openid.
* Standardize on --long-option instead of -long-optionSimon McVittie2015-03-01
| | | | | | | | | | [[forum/refresh_and_setup]] indicates some confusion between --setup and -setup. Both work, but it's clearer if we stick to one in documentation and code. A 2012 commit to [[plugins/theme]] claims that "-setup" is required and "--setup" won't work, but I cannot find any evidence in ikiwiki's source code that this has ever been the case.
* In VCS-committed anonymous comments, link to url.Amitai Schlair2015-01-08
|
* Update blogspam to the 2.0 API.Amitai Schlair2015-01-02
|
* po: If msgmerge falls over on a problem po file, print a warning message, ↵Joey Hess2014-12-30
| | | | but don't let this problem crash ikiwiki entirely.
* Avoid uninitialized warnings with comments+no CGI.Amitai Schlair2014-12-28
|
* ikiwiki-comment: optionally override parameters.Amitai Schlair2014-12-27
|
* Squelch "keys on reference is experimental".Amitai Schlair2014-12-27
|
* Merge branch 'ready/html5'Simon McVittie2014-11-26
|\
| * Always produce HTML5 doctype and new attributes, but not new elementsSimon McVittie2014-10-16
| | | | | | | | | | | | | | | | | | | | | | | | | | According to caniuse.com, a significant fraction of Web users are still using Internet Explorer versions that do not support HTML5 sectioning elements. However, claiming we're XHTML 1.0 Strict means we can't use features invented in the last 12 years, even if they degrade gracefully in older browsers (like the role and placeholder attributes). This means our output is no longer valid according to any particular DTD. Real browsers and other non-validator user-agents have never cared about DTD compliance anyway, so I don't think this is a real loss.
* | Fix numeric comparisons with undefSimon McVittie2014-11-26
| |
* | fix some typosSimon McVittie2014-11-26
| |
* | Merge remote-tracking branch 'spalax/calendar-autocreate'Simon McVittie2014-11-26
|\ \
| * | Corrected error: month pages were created even without calendar_autocreate ↵Louis2014-11-14
| | | | | | | | | | | | config option
| * | Deleted unnecessary codeLouis2014-11-14
| | |
| * | IndentationLouis2014-11-14
| | |
| * | Calendar pages are now rebuilt when previous or next page have changedLouis2014-07-07
| | |
| * | Making use of the transient pluginLouis2014-07-07
| | |
| * | Added option `calendar_fill_gaps`Louis2014-07-05
| | |
| * | Simplifying codeLouis2014-07-05
| | | | | | | | | | | | Thanks to review from http://ikiwiki.info/todo/calendar_autocreate/
| * | calendar plugin: Autocreate archive pages if neededLouis2014-06-24
| | |
* | | openid: Stop suppressing the email field on the Preferences page.Joey Hess2014-11-06
| | | | | | | | | | | | | | | This is needed for notifyemail, and not all openid providers report an email address, or necessarily the one the user wants to get email.
* | | add ikiwiki-comment programJoey Hess2014-10-20
| | |
* | | Remove space from perl shebang path.Amitai Schlair2014-10-17
| | |
* | | IkiWiki::Plugin::openid: as a precaution, do not call non-coderefsAmitai Schlair2014-10-16
| | | | | | | | | | | | | | | | | | | | | | | | We're running under "use strict" here, so if CGI->param's array-context misbehaviour passes an extra non-ref parameter, it shouldn't be executed anyway... but it's as well to be safe. [commit message added by smcv]
* | | Call CGI->param_fetch instead of CGI->param in array contextAmitai Schlair2014-10-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CGI->param has the misfeature that it is context-sensitive, and in particular can expand to more than one scalar in function calls. This led to a security vulnerability in Bugzilla, and recent versions of CGI.pm will warn when it is used in this way. In the situations where we do want to cope with more than one parameter of the same name, CGI->param_fetch (which always returns an array-reference) makes the intention clearer. [commit message added by smcv]
* | | Make sure we do not pass multiple CGI parameters in function callsSimon McVittie2014-10-16
| |/ |/| | | | | | | | | | | | | | | | | | | When CGI->param is called in list context, such as in function parameters, it expands to all the potentially multiple values of the parameter: for instance, if we parse query string a=b&a=c&d=e and call func($cgi->param('a')), that's equivalent to func('b', 'c'). Most of the functions we're calling do not expect that. I do not believe this is an exploitable security vulnerability in ikiwiki, but it was exploitable in Bugzilla.
* | Do not pass ignored sid parameter to checksessionexpirySimon McVittie2014-10-12
| | | | | | | | | | | | | | | | checksessionexpiry's signature changed from (CGI::Session, CGI->param('sid')) to (CGI, CGI::Session) in commit 985b229b, but editpage still passed the sid as a useless third parameter, and this was later cargo-culted into remove, rename and recentchanges.
* | comments: don't log remote IP address for signed-in usersSimon McVittie2014-10-12
| | | | | | | | | | | | | | The intention was that signed-in users (for instance via httpauth, passwordauth or openid) are already adequately identified, but there's nothing to indicate who an anonymous commenter is unless their IP address is recorded.
* | img: raise an error if we cannot find the image's sizeSimon McVittie2014-09-16
| | | | | | | | This happens for PDFs without ghostscript installed, for instance.
* | Merge branch 'ready/templatebody'Simon McVittie2014-09-15
|\ \
| * | Add templatebody plugin and directive, and enable it by defaultSimon McVittie2014-03-05
| | | | | | | | | | | | Also add a regression test for templatebody.