Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | add CVE ids | Joey Hess | 2008-02-20 |
| | |||
* | some updates about the recent hole | Joey Hess | 2008-02-10 |
| | |||
* | a few thoughts on data: security | Joey Hess | 2008-02-10 |
| | |||
* | document security fix | Joey Hess | 2008-02-10 |
| | | | | | The backported fix for stable is tagged and waiting for the security team to upload. | ||
* | typo | Joey Hess | 2007-12-22 |
| | |||
* | more | Joey Hess | 2007-11-27 |
| | |||
* | remove svn-isms | Joey Hess | 2007-11-27 |
| | |||
* | add some documentation about how to safely allow multiple committers to an | Joey Hess | 2007-11-27 |
| | | | | ikiwiki git repository | ||
* | releasing version 2.14 | Joey Hess | 2007-11-26 |
| | |||
* | * Fix a security hole that allowed insertion of unsafe content via the meta | joey | 2007-03-21 |
| | | | | | | | | | | plugins's support for inserting html link and meta tags. Now such content is passed through the htmlscrubber like everything else. * Unfortunatly, that means that some valid uses of those tags are no longer usable, and special case methods needed to be added for including stylesheets, and for doing openid delegation. If you use either of these in your wiki, it will need to be modified. See the meta plugin docs for details. | ||
* | * Fix a few bugs around page titles containing html. The worst of these | joey | 2007-03-21 |
| | | | | | is an actual security hole as it allows insertion of html into the title element of a page, which is not processed by the htmlscrubber. | ||
* | document recent security hole | joey | 2007-02-14 |
| | |||
* | web commit by JeremyReed: typo fix | joey | 2006-12-27 |
| | |||
* | web commit by http://id.kurokatta.org/david: Copyedit. | joey | 2006-11-21 |
| | |||
* | some notes about the security (or lack thereof) of plugins | joey | 2006-10-22 |
| | |||
* | * Add toc (table of contents) plugin. | joey | 2006-08-28 |
| | |||
* | update | joey | 2006-08-28 |
| | |||
* | * Patch from James Westby to add a --sslcookie switch, which forces | joey | 2006-08-27 |
| | | | | | | | cookies to only be sent over ssl connections to avoid interception. * Factor out the cgi header printing code into a new function. * Fix preferences page on anonok wikis; still need to sign in to get to the preferences page. | ||
* | * Allow preprocessor directives to contain python-like triple-quoted | joey | 2006-08-23 |
| | | | | | | | text blocks, for easy nesting of quotes inside. * Add a template plugin. * Use the template plugin to add infoboxes to each plugin page listing basic info about the plugin. | ||
* | update | joey | 2006-08-18 |
| | |||
* | misc changes | joey | 2006-08-05 |
| | |||
* | releasing version 1.13 | joey | 2006-08-02 |
| | |||
* | security note | joey | 2006-07-30 |
| | |||
* | web commit by ThomasSchwinge: Typo fixes. | www-data | 2006-07-02 |
| | |||
* | web commit by joey | www-data | 2006-07-02 |
| | |||
* | * Parse svn log as xml for improved utf8 and security. Note that this makes | joey | 2006-07-02 |
| | | | | ikiwiki depend on XML::Simple. Patch by Faidon Liambotis. | ||
* | * More security review. | joey | 2006-06-01 |
| | |||
* | typo | joey | 2006-05-26 |
| | |||
* | * Removed --sanitize and --no-sanitize, replaced with --plugin htmlscrubber | joey | 2006-05-05 |
| | | | | and --disable-plugin htmlscrubber. | ||
* | * Added plugin system, currently only supporting for PreProcessorDirectives. | joey | 2006-05-02 |
| | | | | | | | | | | | * Added a pagecount plugin, enabled by default. * Support PreProcessorDirectives with no parameters, ie "[[pagecount ]]". * Fixed/optimised backlinks code, to avoid rebuilding pages to update backlinks when the backlinks hadn't really changed. * Moved inline page support, rss generation etc into the inline plugin, enabled by default. * Added brokenlinks plugin, not enabled by default, but rather handy. * Fix several broken links in the doc wiki. | ||
* | web commit by joey | www-data | 2006-04-25 |
| | |||
* | web commit by joey | www-data | 2006-04-25 |
| | |||
* | security update | joey | 2006-04-25 |
| | |||
* | web commit by joey | www-data | 2006-04-25 |
| | |||
* | web commit by joey | www-data | 2006-04-25 |
| | |||
* | web commit by joey | www-data | 2006-04-25 |
| | |||
* | implemented html sanitisation | joey | 2006-04-25 |
| | |||
* | web commit by joey | www-data | 2006-04-25 |
| | |||
* | update | joey | 2006-04-24 |
| | |||
* | update | joey | 2006-04-24 |
| | |||
* | improve fix for symlink attacks to check subdirectories for symlinks too | joey | 2006-03-29 |
| | | | | | before writing | ||
* | Implemented --underlaydir, and moved files provided by underlay out of doc | joey | 2006-03-29 |
| | | | | | | | | | so I don't need to maintain two copies anymore. You might also want to remove the files provided in the basewiki underlay from your wiki, if you have not created custom local versions of them, so that these pages will be automatically updated in future ikiwiki upgrades. | ||
* | added --getctime | joey | 2006-03-26 |
| | |||
* | found & fixed another symlink attack | joey | 2006-03-23 |
| | |||
* | added adminuser settings, globlist support, and used this to implement page | joey | 2006-03-23 |
| | | | | | locking | ||
* | web commit by joey | www-data | 2006-03-19 |
| | |||
* | web commit by joey | www-data | 2006-03-19 |
| | |||
* | web commit by joey | www-data | 2006-03-19 |
| | |||
* | web commit by joey | www-data | 2006-03-19 |
| | |||
* | web commit by joey | www-data | 2006-03-16 |
| |