path: root/doc/security.mdwn
Commit message | Author | Age
* Fix a security hole that allowed insertion of unsafe content via the meta plugin's support for inserting html link and meta tags. Now such content is passed through the htmlscrubber like everything else. | joey | 2007-03-21
  * Unfortunately, that means that some valid uses of those tags are no longer usable, and special case methods needed to be added for including stylesheets, and for doing openid delegation. If you use either of these in your wiki, it will need to be modified. See the meta plugin docs for details.
* Fix a few bugs around page titles containing html. The worst of these is an actual security hole as it allows insertion of html into the title element of a page, which is not processed by the htmlscrubber. | joey | 2007-03-21
* document recent security hole | joey | 2007-02-14
* web commit by JeremyReed: typo fix | joey | 2006-12-27
* web commit by http://id.kurokatta.org/david: Copyedit. | joey | 2006-11-21
* some notes about the security (or lack thereof) of plugins | joey | 2006-10-22
* Add toc (table of contents) plugin. | joey | 2006-08-28
* update | joey | 2006-08-28
* Patch from James Westby to add a --sslcookie switch, which forces cookies to only be sent over ssl connections to avoid interception. | joey | 2006-08-27
  * Factor out the cgi header printing code into a new function.
  * Fix preferences page on anonok wikis; still need to sign in to get to the preferences page.
* Allow preprocessor directives to contain python-like triple-quoted text blocks, for easy nesting of quotes inside. | joey | 2006-08-23
  * Add a template plugin.
  * Use the template plugin to add infoboxes to each plugin page listing basic info about the plugin.
* update | joey | 2006-08-18
* misc changes | joey | 2006-08-05
* releasing version 1.13 | joey | 2006-08-02
* security note | joey | 2006-07-30
* web commit by ThomasSchwinge: Typo fixes. | www-data | 2006-07-02
* web commit by joey | www-data | 2006-07-02
* Parse svn log as xml for improved utf8 and security. Note that this makes ikiwiki depend on XML::Simple. Patch by Faidon Liambotis. | joey | 2006-07-02
* More security review. | joey | 2006-06-01
* typo | joey | 2006-05-26
* Removed --sanitize and --no-sanitize, replaced with --plugin htmlscrubber and --disable-plugin htmlscrubber. | joey | 2006-05-05
* Added plugin system, currently only supporting for PreProcessorDirectives. | joey | 2006-05-02
  * Added a pagecount plugin, enabled by default.
  * Support PreProcessorDirectives with no parameters, ie "[[pagecount ]]".
  * Fixed/optimised backlinks code, to avoid rebuilding pages to update backlinks when the backlinks hadn't really changed.
  * Moved inline page support, rss generation etc into the inline plugin, enabled by default.
  * Added brokenlinks plugin, not enabled by default, but rather handy.
  * Fix several broken links in the doc wiki.
* web commit by joey | www-data | 2006-04-25
* web commit by joey | www-data | 2006-04-25
* security update | joey | 2006-04-25
* web commit by joey | www-data | 2006-04-25
* web commit by joey | www-data | 2006-04-25
* web commit by joey | www-data | 2006-04-25
* implemented html sanitisation | joey | 2006-04-25
* web commit by joey | www-data | 2006-04-25
* update | joey | 2006-04-24
* update | joey | 2006-04-24
* improve fix for symlink attacks to check subdirectories for symlinks too before writing | joey | 2006-03-29
* Implemented --underlaydir, and moved files provided by underlay out of doc so I don't need to maintain two copies anymore. You might also want to remove the files provided in the basewiki underlay from your wiki, if you have not created custom local versions of them, so that these pages will be automatically updated in future ikiwiki upgrades. | joey | 2006-03-29
* added --getctime | joey | 2006-03-26
* found & fixed another symlink attack | joey | 2006-03-23
* added adminuser settings, globlist support, and used this to implement page locking | joey | 2006-03-23
* web commit by joey | www-data | 2006-03-19
* web commit by joey | www-data | 2006-03-19
* web commit by joey | www-data | 2006-03-19
* web commit by joey | www-data | 2006-03-19
* web commit by joey | www-data | 2006-03-16
* web commit by joey | www-data | 2006-03-16
* web commit by joey | www-data | 2006-03-16
* web commit by joey | www-data | 2006-03-15
* web commit by joey | www-data | 2006-03-15
* web commit by joey | www-data | 2006-03-15
* foo | joey | 2006-03-13
* security improvements, switched to single session db file | joey | 2006-03-12
* added signin form, although it needs to be hooked up to a user store | joey | 2006-03-12
* web commit from 66.118.98.137: | www-data | 2006-03-11