ikiwiki - [no description]

	Commit message (Collapse)	Author	Age
*	Exclude working directory from library path (CVE-2016-1238)	Simon McVittie	2016-07-28
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Current Perl versions put '.' at the end of the library search path @INC, although this will be fixed in a future Perl release. This means that when software loads an optionally-present module, it will be looked for in the current working directory before giving up. An attacker could use this to execute arbitrary Perl code from ikiwiki's current working directory. Removing '.' from the library search path in Perl is the correct fix for this vulnerability, but is not trivial to do due to backwards-compatibility concerns. Mitigate this (even if ikiwiki is run with a vulnerable Perl version) by explicitly removing '.' from the search path, and instead looking for ikiwiki's own modules relative to the absolute path of the executable when run from the source directory. In tests that specifically want to use the current working directory, use "-I".getcwd instead of "-I." so we use its absolute path, which is immune to the removal of ".".
*	Standardize on --long-option instead of -long-option	Simon McVittie	2015-03-01
\| \| \| \| \| \| \| \| \| \|	[[forum/refresh_and_setup]] indicates some confusion between --setup and -setup. Both work, but it's clearer if we stick to one in documentation and code. A 2012 commit to [[plugins/theme]] claims that "-setup" is required and "--setup" won't work, but I cannot find any evidence in ikiwiki's source code that this has ever been the case.
*	improve usage message	Joey Hess	2011-06-13
\|
*	rcs_commit and rcs_commit_staged api changes	Joey Hess	2010-06-23
\| \| \| \| \| \| \| \| \| \| \|	Using named parameters for these is overdue. Passing the session in a parameter instead of passing username and IP separately will later allow storing other session info, like username or part of the email. Note that these functions are not part of the exported API, and the prototype change will catch (most) skew, so I am not changing API versions. Any third-party plugins that call them will need updated though.
*	fix parameter parsing when pagespec is ommited, and year is present	Joey Hess	2010-04-15
\|
*	propigate ikiwiki setup error out	Joey Hess	2010-04-15
\|
*	calendar: Add archive_pagespec, which is used by ikiwiki-calendar to specify ↵	Joey Hess	2010-04-15
\| \| \| \|	which pages to include on the calendar archive pages. (The pagespec can still also be specified on the ikiwiki-calendar command line.)
*	Add preprocessed 'use lib' line to ikiwiki-transition and ikiwiki-calendar ↵	Joey Hess	2010-03-26
	if necessary for unusual install.