ikiwiki - [no description]

	Commit message (Collapse)	Author	Age
*	add and use cgiurl_abs_samescheme	Joey Hess	2018-01-05
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* emailauth: Fix cookie problem when user is on https and the cgiurl uses http, by making the emailed login link use https. * passwordauth: Use https for emailed password reset link when user is on https. Not entirely happy with this approach, but I don't currently see a better one. I have not verified that the passwordauth change fixes any problem, other than the user getting a http link when they were using https. The emailauth problem is verified fixed by this commit. This commit was sponsored by Michael Magin.
*	how to fix?	Joey Hess	2018-01-05
\|
*	think I cracked it	Joey Hess	2018-01-05
\|
*	update	Joey Hess	2018-01-05
\|
*	correction; I did not reproduce this	Joey Hess	2018-01-04
\| \| \| \| \|	I was manually reloading /ikiwiki.cgi?do=login, and postsignin is not set when that's done, which is a bug, but not the bug I was after.
*	bug report	Joey Hess	2018-01-04
\|
*	(no commit message)	jon+ikiwiki@663db4cb26e845748f3e7e6d51eeb26c6014f1c3	2017-12-08
\|
*	possible explanation	jon+ikiwiki@663db4cb26e845748f3e7e6d51eeb26c6014f1c3	2017-12-08
\|
*	formatting	jon+ikiwiki@663db4cb26e845748f3e7e6d51eeb26c6014f1c3	2017-12-08
\|
*	(no commit message)	jon+ikiwiki@663db4cb26e845748f3e7e6d51eeb26c6014f1c3	2017-12-08
\|
*	bug report re http redirect	jon+ikiwiki@663db4cb26e845748f3e7e6d51eeb26c6014f1c3	2017-12-08
\|
*	file bug	Edward	2017-10-27
\|
*	formatting	Edward	2017-10-27
\|
*	file bug	Edward	2017-10-27
\|
*	file bug	Edward	2017-10-27
\|
*	Update changelog and close bug	Simon McVittie	2017-09-28
\|
*	Report bug + merge request: image resize is not deterministic.	intrigeri	2017-09-01
\|
*	removed	Keeh	2017-08-21
\|
*	(no commit message)	Keeh	2017-08-21
\|
*	(no commit message)	Keeh	2017-08-21
\|
*	(no commit message)	vpelcak@b216e425210695d731d2673167c7dd45e5e9b1c9	2017-08-07
\|
*	answer question, with reference.	DavidCary	2017-07-05
\|
*	request more information	Simon McVittie	2017-06-22
\|
*	add bug report originally emailed to me by Peter Simons	Joey Hess	2017-06-22
\|
*	Suggested syntax does work, and has a test	smcv	2017-05-19
\|
*	it is (meant to be) possible, just not with that syntax	smcv	2017-05-19
\|
*	(no commit message)	fmarier	2017-05-18
\|
*	color: Use markup for the preserved CSS, not character data	Simon McVittie	2017-05-16
\| \| \| \| \| \|	This still smuggles it past the sanitize step, but avoids having other plugins that want to capture text content without markup (notably toc) see the CSS as if it was text content.
*	close	smcv	2017-05-16
\|
*	mdwn: Enable footnotes by default when using Discount	Simon McVittie	2017-05-14
\| \| \| \| \|	A new mdwn_footnotes option can be used to disable footnotes in MultiMarkdown and Discount.
*	mdwn: Don't mangle <style> into <elyts> under some circumstances	Simon McVittie	2017-05-14
\| \| \| \| \|	We can ask libdiscount not to elide <style> blocks, which means we don't have to work around them.
*	httpauth: If REMOTE_USER is empty, behave as though it was unset	Simon McVittie	2017-05-14
\| \| \| \| \| \|	A frequently cut-and-pasted HTTP basic authentication configuration for nginx sets it to the empty string when not authenticated, which is not useful.
*	complete last paragraph	smcv	2017-05-14
\|
*	I have a theory	smcv	2017-05-14
\|
*	Fixing format	desci	2017-03-29
\|
*	As requested	desci	2017-03-29
\|
*	Answering questions and updating links	desci	2017-03-29
\|
*	Add CVE references for CVE-2016-10026	Simon McVittie	2016-12-21
\|
*	Replied.	intrigeri	2016-12-20
\|
*	Restrict CSS matches on .header to not affect <tr>	Simon McVittie	2016-12-19
\| \| \| \| \| \| \|	Pandoc generates <tr class="header"> to hold <th> elements, and we don't want to make those be display: block. Signed-off-by: Simon McVittie <smcv@debian.org>
*	Tell `git revert` not to follow renames	Simon McVittie	2016-12-19
\| \| \| \| \| \| \| \| \| \| \| \|	Otherwise, we have an authorization bypass vulnerability: rcs_preprevert looks at what changed in the commit we are reverting, not at what would result from reverting it now. In particular, if some files were renamed since the commit we are reverting, a revert of changes that were within the designated subdirectory and allowed by check_canchange() might now affect files that are outside the designated subdirectory or disallowed by check_canchange(). Signed-off-by: Simon McVittie <smcv@debian.org>
*	rename bugs/img_tag_should_support_relative_size.mdwn to ↵	smcv	2016-12-19
\| \| \| \|	todo/img_tag_should_support_relative_size.mdwn
*	Not possible as stated, but could be adapted into a valid feature request	smcv	2016-12-19
\|
*	(no commit message)	smcv	2016-12-19
\|
*	cgitemplate: remove dead code	Simon McVittie	2016-12-19
\| \| \| \| \| \| \| \|	blipvert points out in [[bugs/use of $topurl in cgitemplate]] that this variable has not been used since commit a052771 "Now that we're always using HTML5, <base href> can be relative". Signed-off-by: Simon McVittie <smcv@debian.org>
*	Report authorization bypass via RCS revert.	intrigeri	2016-12-17
\|
*	(no commit message)	blipvert@b874dc05477cdc0dc8c9c8d9bbe2e39240253a85	2016-12-14
\|
*	(no commit message)	blipvert@b874dc05477cdc0dc8c9c8d9bbe2e39240253a85	2016-12-14
\|
*	pagestats determinism: report bug + patch.	intrigeri	2016-11-20
\|
*	(no commit message)	vegardv@75ae889e836bda8ce69bc038d8335c398a2f6f40	2016-11-03
\|