| Commit message (Expand) | Author | Age |
|---|
| ... | |
| * | Fix ugly display when editing a page that has vanished.•••srcfile now has an optional second parameter to avoid it throwing an error
if the source file does not exist.
| Joey Hess | 2008-05-02 |
| * | anonk: Add anonok_pagespec configuration setting that can be used to allow an... | Joey Hess | 2008-05-01 |
| * | img: Support a title attribute, will be passed through to html. Closes: #478718 | Joey Hess | 2008-04-30 |
| * | Add missing de.po. Closes: #471540 | Joey Hess | 2008-04-29 |
| * | Deal with different paths to perl when removing -T flag. | Joey Hess | 2008-04-28 |
| * | Add PREFIX/bin to the hardcoded PATH within ikiwiki. | Joey Hess | 2008-04-28 |
| * | toc: Add the table of contents at sanitize time, rather than at format time. ... | Joey Hess | 2008-04-26 |
| * | Correct a bug in pagespec matching, where a empty pagespec matched all pages.•••This manifested as wikis with no locked pages treating them all as locked.
The bug was introduced in version 2.41.
Medium urgency upload due to above fix.
| Joey Hess | 2008-04-24 |
| * | Allow libtext-markdown-perl to satisfy dependencies, as a an alternative to t... | Joey Hess | 2008-04-21 |
| * | add CVE link | Joey Hess | 2008-04-20 |
| * | Bring back the svnrepo setup file option. This is needed for recentchangediff... | Joey Hess | 2008-04-17 |
| * | releasing version 2.43 | Joey Hess | 2008-04-16 |
| * | Recommend a recent git-core for git init. Closes: 475609 | Joey Hess | 2008-04-11 |
| * | Give the full path to the hyperestraier helpfile in estseek.conf. | Joey Hess | 2008-04-10 |
| * | Use bzr --quiet to avoid it outputting stuff and messing up http headers. (Sc... | Joey Hess | 2008-04-10 |
| * | Fix broken rcs_update for bzr. (Scott Bronson) | Joey Hess | 2008-04-10 |
| * | Fix missing import of escapeHTML in userlink. (Scott Bronson) | Joey Hess | 2008-04-10 |
| * | releasing version 2.42 | Joey Hess | 2008-04-10 |
| * | Fix CSRF attacks against the preferences and edit forms. Closes: #475445•••The fix involved embedding the session id in the forms, and not allowing the
forms to be submitted if the embedded id does not match the session id.
In the case of the preferences form, if the session id is not embedded,
then the CGI parameters are cleared. This avoids a secondary attack where the
link to the preferences form prefills password or other fields, and
the user hits "submit" without noticing these prefilled values.
In the case of the editpage form, the anonok plugin can allow anyone to edit,
and so I chose not to guard against CSRF attacks against users who are not
logged in. Otherwise, it also embeds the session id and checks it.
For page editing, I assume that the user will notice if content or commit
message is changed because of CGI parameters, and won't blndly hit save page.
So I didn't block those CGI paramters. (It's even possible to use those CGI
parameters, for good, not for evil, I guess..)
The only other CSRF attack I can think of in ikiwiki involves the poll plugin.
It's certianly possible to set up a link that causes the user to unknowingly
vote in a poll. However, the poll plugin is not intended to be used for things
that people would want to attack, since anyone can after all edit the poll page
and fill in any values they like. So this "attack" is ignorable.
| Joey Hess | 2008-04-10 |
| * | need to handle urls to images the same•••Also, simplified finding the url to the top of the site.
| Joey Hess | 2008-04-03 |
| * | aggregate: Correct a mistake in the code that dummy up a guid for feeds lacki... | Joey Hess | 2008-04-03 |
| * | releasing version 2.41 | Joey Hess | 2008-03-29 |
| * | Added a hardlink option in the setup file, useful if the source and dest are ... | Joey Hess | 2008-03-29 |
| * | inline: Allow the "feedshow" parameter to take values greater than the value ... | Joey Hess | 2008-03-23 |
| * | external: Work around XML RPC's lack of support for null by passing a special... | Joey Hess | 2008-03-21 |
| * | Changed to a binary index file, written using Storable, for speed•••During refresh of a wiki with 800 files, loadindex was using more total
time than any other function, and saveindex was also in the top ten.
Rewriting them to use Storable makes them three times as fast.
0.7 seconds is saved on my laptop in profiling mode.
| Joey Hess | 2008-03-21 |
| * | Precompile pagespecs, about 10% overall speedup•••About 12% of ikiwiki runtime was spent in pagespec_match. It was evaling
the same pagespec code over and over again. This changes pagespec_translate
to return memoized, precompiled functions that can be called to match against
a given pagespec.
This also allows getting rid of the weird variable scoping trick that had
to be in effect for pagespec_translate to be called -- the variables are
now just fed into the function it returns.
On my laptop, this drops build time for the docwiki from about 60 to 50
seconds.
| Joey Hess | 2008-03-21 |
| * | crazy optimisation to work around slow markdown•••Markdown is slow. Especially if it has to process an enormous page. The
most common enormous page is currently the recentchanges page, which gets
processed a lot, and contains very little actual markdown. Most of it is a
big <div>, which markdown skips ... slowly.
This is a rather sick optimisation to work around markdown's speed issues.
Now inline inserts a small, dummy div, allows markdown to quickly render
the actual page content, then replaces the dummy with the actual inlined
pages later.
Results: Rendering just a recentchanges page, with diffs included, dropped
from 4.5 seconds to 2.7 seconds on my laptop. Building the entire wiki
dropped from 46.6 seconds to 39.5 seconds.
(It would be better if inline were a *post*-processor directive.)
| Joey Hess | 2008-03-21 |
| * | typo | Joey Hess | 2008-03-21 |
| * | smiley: Detect smileys inside pre and tags, and do not expand. | Joey Hess | 2008-03-21 |
| * | Close meta tag for redir properly. | Joey Hess | 2008-03-21 |
| * | Store userinfo in network byte order for easy portability. (Old files will be... | Joey Hess | 2008-03-19 |
| * | Time::Duration is no longer used, remove from docs and recommends. | Joey Hess | 2008-03-19 |
| * | German translation update. Closes: #471540 | Joey Hess | 2008-03-18 |
| * | * Record new pages in %pagesources temporarily when previewing so that••• things that need to know the page source or type can query it from there.
Fixes previewing of tables when creating a new page.
| Joey Hess | 2008-03-17 |
| * | * Detect invalid pagespecs and do not merge them in add_depends,••• as that can result in a broken merged pagespec that matches nothing.
| Joey Hess | 2008-03-17 |
| * | * Correct bug in encoding of %pagestate keys, fixes edittemplate. | Joey Hess | 2008-03-17 |
| * | * external: Add getargv and setargv methods to allow access to ikiwiki's••• @ARGV.
| Joey Hess | 2008-03-15 |
| * | * htmltidy: Pass --markup yes, in case tidy's config file disabled it. | Joey Hess | 2008-03-15 |
| * | * external: Fix support of XML::RPC::fault. | Joey Hess | 2008-03-15 |
| * | update | Joey Hess | 2008-03-15 |
| * | * French translation update. Closes: #471010 | Joey Hess | 2008-03-15 |
| * | * Fix expiry of old recentchanges changeset pages. | Joey Hess | 2008-03-14 |
| * | * Use absolute url for feedurl when filling out the feed templates.••• Closes: #470530
| Joey Hess | 2008-03-12 |
| * | * Use forcebaseurl to make page previews be displayed with the html base••• set to the destination page. This avoids need for hacks to munge the urls
in preview mode, which fixes several bugs.
* Several destpage fixes in plugins.
| Joey Hess | 2008-03-12 |
| * | changelog | Joey Hess | 2008-03-12 |
| * | * monotone: Require version 0.38 or greater, and stop using the mtnmergerc••• option. (Brian May)
| Joey Hess | 2008-03-12 |
| * | update | Joey Hess | 2008-03-11 |
| * | add changelog messages | Joey Hess | 2008-03-11 |
| * | * Remove locking code in git rcs_commit. I'm not sure if this was ever••• correct, and it's certianly not correct now, since the wiki is locked
before rcs_commit is ever called, and should not be unlocked by
rcs_commit either.
| Joey Hess | 2008-03-07 |