| Commit message (Expand) | Author | Age |
|---|
| * | releasing version 2.61 | Joey Hess | 2008-08-14 |
| * | releasing version 2.60 | Joey Hess | 2008-08-12 |
| * | Danish update. Closes: #494632 | Joey Hess | 2008-08-11 |
| * | Options set in the setup file are now immediatly loaded by ikiwiki -setup. Th... | Joey Hess | 2008-08-06 |
| * | add a guard against multiple cgi or rcs wrappers | Joey Hess | 2008-08-05 |
| * | add advanced and basic modes | Joey Hess | 2008-08-03 |
| * | websetup form display done | Joey Hess | 2008-08-02 |
| * | banned_users move to setup file, stage 1 | Joey Hess | 2008-08-01 |
| * | admin prefs move to setup file, stage 1•••The locked pages configuration is moving to a locked_pages option in the
setup file, and the allowed attachments configuration to
allowed_attachments. The admin prefs page can still be used for these, but
that's depreacted and will only be shown if there's currently a value.
| Joey Hess | 2008-08-01 |
| * | releasing version 2.56 | Joey Hess | 2008-07-31 |
| * | fix feed urls•••The fix for colons involved adding "./" to some urls. Due to the weird way
inline called urlto, these snuck into feed urls and permalinks. Fix it by
adding an optional third parameter to urlto.
| Joey Hess | 2008-07-25 |
| * | comments | Joey Hess | 2008-07-25 |
| * | link fixup on rename working | Joey Hess | 2008-07-23 |
| * | Split out error messages from editpage.tmpl into several separate templates. | Joey Hess | 2008-07-22 |
| * | releasing version 2.54 | Joey Hess | 2008-07-21 |
| * | switch preprocess hooks to use error function | Joey Hess | 2008-07-13 |
| * | only htmlize errors when cgi is actually running | Joey Hess | 2008-07-12 |
| * | whitespace | Joey Hess | 2008-07-11 |
| * | releasing version 2.53 | Joey Hess | 2008-07-09 |
| * | improve error message if virus checker fails w/o output | Joey Hess | 2008-07-09 |
| * | response | Joey Hess | 2008-07-08 |
| * | releasing version 2.52 | Joey Hess | 2008-07-06 |
| * | editpage escaping fixes•••* The editpage form now uses the raw page name, not the page title, in its
'page' cgi parameter. Using the title was ambiguous and made it
impossible to tell between some pages, like "foo/bar" and "foo__47__bar",
sometimes causing the wrong page to be edited.
* This change means that some edit links need to be updated.
Force a rebuild on upgrade to this version.
* Above change also allowed really fixing escaped slashes from the blogpost
form.
| Joey Hess | 2008-07-06 |
| * | typo | Joey Hess | 2008-07-02 |
| * | call format hooks when generating page previews•••* toc: Revert change in 2.45 that made it run at sanitize time. This breaks
use of toc in a sidebar.
* Call format hooks when generating page previews, thus fixing toc display
there, as well as fixing inlins to again display in page previews, since
it's started using format hooks. This also allows several other things,
like embed, that use format hooks, to work during page preview time.
* Format hooks should not rely on getting an entire html document, as they
will only get the body during page preview.
* toggle: Deal with preview mode when adding javascript.
| Joey Hess | 2008-06-28 |
| * | releasing version 2.50 | Joey Hess | 2008-06-13 |
| * | img: Support captions. | Joey Hess | 2008-06-07 |
| * | finishing touches on the new search plugin•••- Add a Help link.
- If the pageterm is too long, hash it.
| Joey Hess | 2008-06-04 |
| * | also decode html entities in the title | Joey Hess | 2008-06-04 |
| * | Pass a destpage parameter to the sanitize hook.•••Because the search plugin needed it, also because it's one of the few
plugins that didn't already have it.
I also considered adding it to htmlize, but I really cannot imagine caring
what the destpage is when htmlizing. (I'll probably be poven wrong later.)
| Joey Hess | 2008-06-04 |
| * | move indexing to sanitize hook•••I think this will give better results overall.
I made %IkiWiki::preprocessing accessible and used it to avoid indexing
at unnecessary points.
| Joey Hess | 2008-06-04 |
| * | more search improvements | Joey Hess | 2008-06-04 |
| * | updated French translation | Joey Hess | 2008-05-30 |
| * | hashed password support, and empty password security fix•••This implements the previously documented hashed password support.
While implementing that, I noticed a security hole, which this commit
also fixes..
| Joey Hess | 2008-05-30 |
| * | releasing version 2.47 | Joey Hess | 2008-05-25 |
| * | releasing version 2.46 | Joey Hess | 2008-05-12 |
| * | pinger/pingee now tested and working | Joey Hess | 2008-05-06 |
| * | aggregate: Add support for web-based triggering of aggregation for people st... | Joey Hess | 2008-05-05 |
| * | releasing version 2.45 | Joey Hess | 2008-05-05 |
| * | enhancesments for shared hosting•••* Add a Bundle::Ikiwiki to the source for use with CPAN to install *all*
the modules ikiwiki can use.
* Add a cpan directory containing a CPAN::MyConfig that can ease use of
CPAN to install in a home directory on shared hosting providers.
* With these changes, it's pretty easy to install onto nearlyfreespeech.net
and probably other shared hosting providers like dreamhost. Added
a tip page documentng the process for nearlyfreespeech.
| Joey Hess | 2008-05-05 |
| * | Fix ugly display when editing a page that has vanished.•••srcfile now has an optional second parameter to avoid it throwing an error
if the source file does not exist.
| Joey Hess | 2008-05-02 |
| * | Add missing de.po. Closes: #471540 | Joey Hess | 2008-04-29 |
| * | releasing version 2.44 | Joey Hess | 2008-04-24 |
| * | releasing version 2.43 | Joey Hess | 2008-04-16 |
| * | Fix CSRF attacks against the preferences and edit forms. Closes: #475445•••The fix involved embedding the session id in the forms, and not allowing the
forms to be submitted if the embedded id does not match the session id.
In the case of the preferences form, if the session id is not embedded,
then the CGI parameters are cleared. This avoids a secondary attack where the
link to the preferences form prefills password or other fields, and
the user hits "submit" without noticing these prefilled values.
In the case of the editpage form, the anonok plugin can allow anyone to edit,
and so I chose not to guard against CSRF attacks against users who are not
logged in. Otherwise, it also embeds the session id and checks it.
For page editing, I assume that the user will notice if content or commit
message is changed because of CGI parameters, and won't blndly hit save page.
So I didn't block those CGI paramters. (It's even possible to use those CGI
parameters, for good, not for evil, I guess..)
The only other CSRF attack I can think of in ikiwiki involves the poll plugin.
It's certianly possible to set up a link that causes the user to unknowingly
vote in a poll. However, the poll plugin is not intended to be used for things
that people would want to attack, since anyone can after all edit the poll page
and fill in any values they like. So this "attack" is ignorable.
| Joey Hess | 2008-04-10 |
| * | Added a hardlink option in the setup file, useful if the source and dest are ... | Joey Hess | 2008-03-29 |
| * | defer po and pot file updating until package build time•••This allows make to be run without polluting the tree with lots of po file
changes.
| Joey Hess | 2008-03-21 |
| * | * French translation update. Closes: #471010 | Joey Hess | 2008-03-15 |
| * | truncate recentchangesdiffs after 200 lines•••This works around a perl crasher bug, and also avoids bloating pages
with enormous diffs.
rcs_recentchanges modified to return a list in an array context.
| Joey Hess | 2008-03-12 |
| * | * Use forcebaseurl to make page previews be displayed with the html base••• set to the destination page. This avoids need for hacks to munge the urls
in preview mode, which fixes several bugs.
* Several destpage fixes in plugins.
| Joey Hess | 2008-03-12 |