| Commit message (Expand) | Author | Age |
|---|
| * | fix relativedate timezone inclusion•••The machine parseable date needs to include a timezone.
Also, simplified the interface for date display.
| Joey Hess | 2008-10-19 |
| * | remove old dup div | Joey Hess | 2008-10-18 |
| * | tweak recentchanges permalink code•••Need to handle the case where url is not set.
| Joey Hess | 2008-10-17 |
| * | Patch for anchor-based change permalinks in recent changes feed•••from JasonBlevins
| Joey Hess | 2008-10-17 |
| * | make relativedate work for the dates on the recentchanges page•••Having a always current relative date on recentchanges is very, very nice.
| Joey Hess | 2008-10-17 |
| * | relativedate: New javascript-alicious plugin that makes all dates display rel... | Joey Hess | 2008-10-17 |
| * | google plugin: Use google.com to search the local site.•••Google allows has a nice feature, sitesearch, that allows anyone to
limit search results to a specific site. Obviously, this feature can be
used to provide a search engine for the local ikiwiki site without the
need to install any additional software. Just enable the 'google' plugin
and make sure that --url uses the proper hostname. Thanks to Joey for
helping to get the Perl implementation right.
| Peter Simons | 2008-10-10 |
| * | multiple rename support is working•••most edge cases seem handled too
| Joey Hess | 2008-09-23 |
| * | avoid link fixup if page name stayed the same | Joey Hess | 2008-08-07 |
| * | Added a small icon to the search input box. | Joey Hess | 2008-08-06 |
| * | Escape HTML in Atom feed metadata rather than treating it as XHTML | Simon McVittie | 2008-07-31 |
| * | Escape HTML in RSS feeds, rather than relying on it being valid to stuff into... | Simon McVittie | 2008-07-31 |
| * | Escape HTML in Atom feeds, rather than relying on it being well-formed XHTML ... | Simon McVittie | 2008-07-31 |
| * | really rm ;-) | Joey Hess | 2008-07-29 |
| * | initial draft | Joey Hess | 2008-07-29 |
| * | link fixup on rename working | Joey Hess | 2008-07-23 |
| * | add a list of broken links after the rename | Joey Hess | 2008-07-22 |
| * | add a rename summary | Joey Hess | 2008-07-22 |
| * | Split out error messages from editpage.tmpl into several separate templates. | Joey Hess | 2008-07-22 |
| * | skeleton rename plugin | Joey Hess | 2008-07-21 |
| * | simplified confirmation form•••also, there's no titlepage conversion issues
| Joey Hess | 2008-07-21 |
| * | editpage: Don't show attachments link when attachments are disabled. | Joey Hess | 2008-07-21 |
| * | Use correct term prefixes when searching.•••The Z term prefix is for stemming and shouldn't be used here.
X is for custom fields.
| Gabriel McManus | 2008-07-19 |
| * | Oops, add missing </span> | Simon McVittie | 2008-07-15 |
| * | More CSS hooks for page.tmpl.•••I notice madduck.net already has a similar change :-)
| Simon McVittie | 2008-07-15 |
| * | Add more CSS hooks to inlinepage.tmpl•••* Wrap everything before the content in <div class="inlineheader">
* Wrap the inlined content itself in <div class="inlinecontent">
* Wrap everything after the content in <div class="inlinefooter">
| Simon McVittie | 2008-07-13 |
| * | Add more stylesheet hooks to the page template•••* Wrap header stuff, including actions, in <div class="pageheader">
(there is already a class="header", which is a subset of this, so
using id="header" would be confusing)
* Add class="pagefooter" to the existing <div id="footer">, for symmetry
| Simon McVittie | 2008-07-13 |
| * | Rename [[!inline atomid="..."]] to [[!inline guid="..."]] to be consistent wi... | Simon McVittie | 2008-07-12 |
| * | Accept [[!inline ... atomid="..."]] and use it to populate the feed's Atom <id>.•••This is often the same as the feed's <link> (in which case it can be omitted) but sometimes it's a urn:uuid: URN instead.
| Simon McVittie | 2008-07-12 |
| * | Add MIME type to Atom feeds' <link rel='self'> | Simon McVittie | 2008-07-12 |
| * | rename uuid to guid | Joey Hess | 2008-07-12 |
| * | rssitem.tmpl: use UUID as <guid> if supplied | Simon McVittie | 2008-07-11 |
| * | atomitem.tmpl: use UUID as <id> if supplied | Simon McVittie | 2008-07-11 |
| * | add br at top•••firefox 3 smooshed the page location dropdown up to the page title,
obscuring descenders and underscores. Maybe that's a bug, since the CSS
didn't ask it to, but I think adding the extra space of a br at the top
looks better anyway.
| Joey Hess | 2008-07-06 |
| * | toggle: Add javascript to top of page, not to end. This avoids flicker since ... | Joey Hess | 2008-07-02 |
| * | xhtml fixes | Joey Hess | 2008-07-02 |
| * | attachments interface visibility toggling | Joey Hess | 2008-07-02 |
| * | basic attachment list | Joey Hess | 2008-07-01 |
| * | add support for an attachment upload field•••FormBuilder makes it annoyingly hard to move a submit button to a
nonstandard place. The button name has to be "_submit" or FormBuilder will
ignore it.
| Joey Hess | 2008-06-30 |
| * | Add support for the universal edit button•••<http://universaleditbutton.org/>
Not forcing a rebuild on upgrade just for this.
| Joey Hess | 2008-06-21 |
| * | finishing touches on the new search plugin•••- Add a Help link.
- If the pageterm is too long, hash it.
| Joey Hess | 2008-06-04 |
| * | The search interface now allows searching for a page by title ("title:foo"), ... | Joey Hess | 2008-06-04 |
| * | prettify page names, and drop the redunadant url display | Joey Hess | 2008-06-03 |
| * | search: Converted to use xapian-omega.•••Everything is done except for the actual indexing. I plan to do incremental
indexing as pages change.
| Joey Hess | 2008-06-03 |
| * | improve wording | Joey Hess | 2008-05-30 |
| * | hashed password support, and empty password security fix•••This implements the previously documented hashed password support.
While implementing that, I noticed a security hole, which this commit
also fixes..
| Joey Hess | 2008-05-30 |
| * | Add rel=nofollow to edit links. This may prevent some spiders from pounding o... | Joey Hess | 2008-05-28 |
| * | response | Joey Hess | 2008-04-10 |
| * | Give the full path to the hyperestraier helpfile in estseek.conf. | Joey Hess | 2008-04-10 |
| * | Fix CSRF attacks against the preferences and edit forms. Closes: #475445•••The fix involved embedding the session id in the forms, and not allowing the
forms to be submitted if the embedded id does not match the session id.
In the case of the preferences form, if the session id is not embedded,
then the CGI parameters are cleared. This avoids a secondary attack where the
link to the preferences form prefills password or other fields, and
the user hits "submit" without noticing these prefilled values.
In the case of the editpage form, the anonok plugin can allow anyone to edit,
and so I chose not to guard against CSRF attacks against users who are not
logged in. Otherwise, it also embeds the session id and checks it.
For page editing, I assume that the user will notice if content or commit
message is changed because of CGI parameters, and won't blndly hit save page.
So I didn't block those CGI paramters. (It's even possible to use those CGI
parameters, for good, not for evil, I guess..)
The only other CSRF attack I can think of in ikiwiki involves the poll plugin.
It's certianly possible to set up a link that causes the user to unknowingly
vote in a poll. However, the poll plugin is not intended to be used for things
that people would want to attack, since anyone can after all edit the poll page
and fill in any values they like. So this "attack" is ignorable.
| Joey Hess | 2008-04-10 |