ikiwiki - [no description]

	Commit message (Collapse)	Author	Age
*	Exclude working directory from library path (CVE-2016-1238)	Simon McVittie	2016-07-28
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Current Perl versions put '.' at the end of the library search path @INC, although this will be fixed in a future Perl release. This means that when software loads an optionally-present module, it will be looked for in the current working directory before giving up. An attacker could use this to execute arbitrary Perl code from ikiwiki's current working directory. Removing '.' from the library search path in Perl is the correct fix for this vulnerability, but is not trivial to do due to backwards-compatibility concerns. Mitigate this (even if ikiwiki is run with a vulnerable Perl version) by explicitly removing '.' from the search path, and instead looking for ikiwiki's own modules relative to the absolute path of the executable when run from the source directory. In tests that specifically want to use the current working directory, use "-I".getcwd instead of "-I." so we use its absolute path, which is immune to the removal of ".".
*	Compose relative URLs in RSS feeds correctly	Simon McVittie	2016-01-21
\| \| \| \| \| \| \|	If the relative link from the (page generating the) RSS to the target would start with "./" or "../", just concatenating it with the URL to the directory containing the RSS is not sufficient. Go via URI::new_abs to fix this.
*	Merge remote-tracking branch 'smcv/ready/limit'	Simon McVittie	2015-11-30
\|\
\| *	Rename show parameter of [[!inline]] and [[!pagestats]] to limit	Simon McVittie	2014-09-14
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	The old name still works, if its value is numeric. This name allows a non-numeric "show" to mean the same thing it does for [[!map]] (show title, show description, etc.).
* \|	Run autopkgtest tests using autodep8 and the pkg-perl team's infrastructure	Simon McVittie	2015-11-30
\| \|
* \|	Squelch regex deprecation warnings from Perl 5.22.	Amitai Schlair	2015-06-14
\| \| \| \| \| \| \| \| \| \| \| \|	Specifically: "Unescaped left brace in regex is deprecated, passed through in regex"
* \|	t/inline.t: accept translations of "Add a new post titled:" (Closes: #779365)	Simon McVittie	2015-03-01
\| \|
* \|	Standardize on --long-option instead of -long-option	Simon McVittie	2015-03-01
\|/ \| \| \| \| \| \| \| \| \|	[[forum/refresh_and_setup]] indicates some confusion between --setup and -setup. Both work, but it's clearer if we stick to one in documentation and code. A 2012 commit to [[plugins/theme]] claims that "-setup" is required and "--setup" won't work, but I cannot find any evidence in ikiwiki's source code that this has ever been the case.
*	extend regression test for inline to cover inlining, show, reverse	Simon McVittie	2014-09-14
\|
*	inline: postform=no should take precedence over rootpage existing	Simon McVittie	2014-07-04
	If someone has explicitly disabled the postform, it seems reasonable from a least-astonishment point of view for that to take precedence over rootpage, even though that makes rootpage useless. Also add a regression test; so far, this is all it tests.