| Commit message (Expand) | Author | Age |
|---|
| * | Add support for the universal edit button•••<http://universaleditbutton.org/>
Not forcing a rebuild on upgrade just for this.
| Joey Hess | 2008-06-21 |
| * | finishing touches on the new search plugin•••- Add a Help link.
- If the pageterm is too long, hash it.
| Joey Hess | 2008-06-04 |
| * | The search interface now allows searching for a page by title ("title:foo"), ... | Joey Hess | 2008-06-04 |
| * | prettify page names, and drop the redunadant url display | Joey Hess | 2008-06-03 |
| * | search: Converted to use xapian-omega.•••Everything is done except for the actual indexing. I plan to do incremental
indexing as pages change.
| Joey Hess | 2008-06-03 |
| * | improve wording | Joey Hess | 2008-05-30 |
| * | hashed password support, and empty password security fix•••This implements the previously documented hashed password support.
While implementing that, I noticed a security hole, which this commit
also fixes..
| Joey Hess | 2008-05-30 |
| * | Add rel=nofollow to edit links. This may prevent some spiders from pounding o... | Joey Hess | 2008-05-28 |
| * | response | Joey Hess | 2008-04-10 |
| * | Give the full path to the hyperestraier helpfile in estseek.conf. | Joey Hess | 2008-04-10 |
| * | Fix CSRF attacks against the preferences and edit forms. Closes: #475445•••The fix involved embedding the session id in the forms, and not allowing the
forms to be submitted if the embedded id does not match the session id.
In the case of the preferences form, if the session id is not embedded,
then the CGI parameters are cleared. This avoids a secondary attack where the
link to the preferences form prefills password or other fields, and
the user hits "submit" without noticing these prefilled values.
In the case of the editpage form, the anonok plugin can allow anyone to edit,
and so I chose not to guard against CSRF attacks against users who are not
logged in. Otherwise, it also embeds the session id and checks it.
For page editing, I assume that the user will notice if content or commit
message is changed because of CGI parameters, and won't blndly hit save page.
So I didn't block those CGI paramters. (It's even possible to use those CGI
parameters, for good, not for evil, I guess..)
The only other CSRF attack I can think of in ikiwiki involves the poll plugin.
It's certianly possible to set up a link that causes the user to unknowingly
vote in a poll. However, the poll plugin is not intended to be used for things
that people would want to attack, since anyone can after all edit the poll page
and fill in any values they like. So this "attack" is ignorable.
| Joey Hess | 2008-04-10 |
| * | * Add recentchangesdiff plugin that adds diffs to the recentchanges feeds.•••* rcs_diff is a new function that rcs modules should implement.
* Implemented rcs_diff for git, svn, and tla (tla version untested).
Mercurial and monotone still todo.
| Joey Hess | 2008-03-03 |
| * | * The search plugin needs to override <base> to point to the directory••• containing ikiwiki.cgi, but this should not change the urls to the style
sheets etc. Add a new forcebareurl parameter to misctemplate to allow
it to do that.
| Joey Hess | 2008-02-14 |
| * | Merge branch 'master' into prefix-directives•••Conflicts:
debian/changelog
templates/change.tmpl
| Josh Triplett | 2008-02-09 |
| |\ |
|
| | * | * Page templates can now use CTIME to show when the page was created. | Joey Hess | 2008-02-09 |
| | * | change wording | Joey Hess | 2008-02-09 |
| | * | reword to put the more important info (page names) nearer the front | Joey Hess | 2008-02-09 |
| * | | add ! prefix to some directives in templates, and to the recentchanges page | Joey Hess | 2008-02-05 |
| |/ |
|
| * | more whitespace nonsense | Joey Hess | 2008-01-29 |
| * | more HTML::Template fun•••fix whitespace that led to bad wrapping and display
| Joey Hess | 2008-01-29 |
| * | fix display of diff icon | Joey Hess | 2008-01-29 |
| * | * meta: Add pagespec functions to match against title, author, authorurl,••• license, and copyright. This can be used to create custom RecentChanges.
* meta: To support the pagespec functions, metadata about pages has to be
retained as pagestate.
* Fix encoding bug when pagestate values contained spaces.
| Joey Hess | 2008-01-29 |
| * | really use unmunged author in metadata | Joey Hess | 2008-01-29 |
| * | rename template | Joey Hess | 2008-01-29 |
| * | move message to end | Joey Hess | 2008-01-29 |
| * | more style improvements | Joey Hess | 2008-01-29 |
| * | fairly good css style for static recentchanges page•••The customary 2.5 hours of staring at random css turtorials later, here
is a pure css latout for the static recentchanges page that, while not as good
as the old table layout, it decent. And it works well in lynx. And
should generate some pretty nice rss too.
| Joey Hess | 2008-01-29 |
| * | non-tabular recentchanges display•••Doesn't look as good as the old table, but works as a rss feed.
| Joey Hess | 2008-01-29 |
| * | * Removed support for sending commit notification mails. Along with it went••• the svnrepo and notify settings, though both will be ignored if left in
setup files.
| Joey Hess | 2008-01-29 |
| * | proof of concept implementation of static recentchanges•••Currently hardcoded to write to recentchanges/*, and the page format needs
to be rethought to be usable for aggregation, but it basically works.
| Joey Hess | 2008-01-28 |
| * | add | Joey Hess | 2008-01-28 |
| * | include license/copyright/author info if available | Joey Hess | 2008-01-09 |
| * | * inline: Add copyright/license info on a per-post basis to atom••• feeds if available. (rss doesn't allow such info on a per-post basis)
* meta: Allow copyright/license metadata to contain arbitrary markup.
| Joey Hess | 2008-01-09 |
| * | * aggregate: Include copyright statements from rss feed as meta copyright••• directives.
* aggregate: Yet another state saving fix (sigh).
* aggregate: Add hack to support feeds with invalidly escaped html entities.
| Joey Hess | 2008-01-08 |
| * | Add xmlns attribute on html element in templates; pages can now validate. | Josh Triplett | 2007-11-08 |
| * | * Fix copyright and licence styling. | joey | 2007-09-20 |
| * | basic styling for license and copyright | joey | 2007-09-15 |
| * | bugfixes | joey | 2007-09-15 |
| * | * meta: Support license and copyright information. The information will••• be shown in the page footer. HTML will also be inserted that should
support the rel=license microformat as well as the HTML spec's
rel=copyright.
| joey | 2007-09-14 |
| * | * Applied Jeremie Koenig's pluggable editpage buttons patch:••• - add a title to the editpage form;
- pass a reference to the list of buttons to the formbuilder_setup
hooks, so we can add ours;
- relax asumption about the possible submit values (use "Save Page"
explicitly);
- de-hardcode the submit buttons from the editpage template
(This was needed for compatability with a bug in CGI::FormBuilder
3.0401, but ikiwiki already needs a newer version.)
* Pass buttons to all other formbuilder_setup hooks too.
| joey | 2007-08-17 |
| * | * Apply a patch from NicolasLimare adding modification date tags to rss and••• atom feeds, and also changing the publication time for a feed to the
newest modiciation time (was newest creation time).
* The patch also adds dcterms:creator to rss items that have a known author.
| joey | 2007-08-11 |
| * | * Wrap the editpage template in the standard misctemplate, this allows the••• pagetemplate hook to work for that page.
* Above change fixes the favicon plugin to work on edit pages.
| joey | 2007-07-16 |
| * | * More consistent encoding of titles in rss and atom feeds. Don't use••• ESCAPE=HTML for titles in the templates for these feeds, and instead
escape the title going in to the template. Previously, the title was
sometimes double-escaped in a feed (if set via meta title), and sometimes
not (if set from the page filename).
* In the meta plugin, when a title is set, encode the html entities in it
numerically. This works better in the current landscape of a rss spec that
doesn't specify encoding, and variously broken feed consumers, according
to <http://www.rssboard.org/rss-profile#data-types-characterdata>.
| joey | 2007-05-28 |
| * | * Make all templates have a footer div to ease themeing. Required template••• and style sheet updates, and unless you're using customised versions,
you'll want to rebuild wikis on upgrade to this version to avoid
inconsistencies.
* Allow WIKINAME to to used in footers, as an example of something to put
there.
| joey | 2007-05-11 |
| * | Remove img style attribute from recentchanges.tmpl; the default style.css cov... | joshtriplett | 2007-05-08 |
| * | don't generate tags span if there are no tags.. | joey | 2007-05-01 |
| * | remove empty footer, doesn't play well with new css | joey | 2007-04-29 |
| * | more footer improvements | joey | 2007-04-26 |
| * | * Move the footer div to enclose tags and links too.•••* More style sheet updates, remove the hack that used the tags div to create
the footer border.
| joey | 2007-04-26 |
| * | * Minor template improvements by Alessandro. | joey | 2007-04-18 |