Joey Hess [Thu, 10 Apr 2008 21:24:08 +0000 (17:24 -0400)]
releasing version 2.42
Joey Hess [Thu, 10 Apr 2008 21:12:55 +0000 (17:12 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info
Joey Hess [Thu, 10 Apr 2008 21:09:58 +0000 (17:09 -0400)]
perl dumping core is not an ikiwiki bug, sorry
Joey Hess [Thu, 10 Apr 2008 20:46:23 +0000 (16:46 -0400)]
web commit by http://joey.kitenet.net/: test
Joey Hess [Thu, 10 Apr 2008 20:35:50 +0000 (16:35 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info
Joey Hess [Thu, 10 Apr 2008 20:35:30 +0000 (16:35 -0400)]
Fix CSRF attacks against the preferences and edit forms. Closes: #475445
The fix involved embedding the session id in the forms, and not allowing the
forms to be submitted if the embedded id does not match the session id.
In the case of the preferences form, if the session id is not embedded,
then the CGI parameters are cleared. This avoids a secondary attack where the
link to the preferences form prefills password or other fields, and
the user hits "submit" without noticing these prefilled values.
In the case of the editpage form, the anonok plugin can allow anyone to edit,
and so I chose not to guard against CSRF attacks against users who are not
logged in. Otherwise, it also embeds the session id and checks it.
For page editing, I assume that the user will notice if content or commit
message is changed because of CGI parameters, and won't blndly hit save page.
So I didn't block those CGI paramters. (It's even possible to use those CGI
parameters, for good, not for evil, I guess..)
The only other CSRF attack I can think of in ikiwiki involves the poll plugin.
It's certianly possible to set up a link that causes the user to unknowingly
vote in a poll. However, the poll plugin is not intended to be used for things
that people would want to attack, since anyone can after all edit the poll page
and fill in any values they like. So this "attack" is ignorable.
Joey Hess [Thu, 10 Apr 2008 20:08:59 +0000 (16:08 -0400)]
fix what I think is a typo
Joey Hess [Thu, 10 Apr 2008 18:45:00 +0000 (14:45 -0400)]
web commit by http://joey.kitenet.net/: oops :-)
Joey Hess [Thu, 10 Apr 2008 18:43:58 +0000 (14:43 -0400)]
web commit by http://joey.kitenet.net/
Joey Hess [Thu, 10 Apr 2008 17:01:27 +0000 (13:01 -0400)]
web commit by ScottSwalwell: Fixed my fix.
Joey Hess [Thu, 10 Apr 2008 17:00:36 +0000 (13:00 -0400)]
web commit by ScottSwalwell: Fixed this link.
Joey Hess [Thu, 10 Apr 2008 05:06:21 +0000 (01:06 -0400)]
web commit by cjb: Fixed URL
Joey Hess [Thu, 10 Apr 2008 04:09:07 +0000 (00:09 -0400)]
web commit by cjb: Tagged
Joey Hess [Thu, 10 Apr 2008 04:07:59 +0000 (00:07 -0400)]
web commit by cjb: Suggested patch for 302 redirect after page creation when using bzr
Joey Hess [Thu, 10 Apr 2008 02:34:44 +0000 (22:34 -0400)]
web commit by http://sabr.myopenid.com/
Joey Hess [Thu, 10 Apr 2008 01:56:41 +0000 (21:56 -0400)]
web commit by http://sabr.myopenid.com/
Joey Hess [Thu, 10 Apr 2008 01:55:32 +0000 (21:55 -0400)]
web commit by http://sabr.myopenid.com/
Joey Hess [Thu, 10 Apr 2008 01:33:30 +0000 (21:33 -0400)]
web commit by http://sabr.myopenid.com/
Joey Hess [Wed, 9 Apr 2008 23:34:08 +0000 (19:34 -0400)]
web commit by http://sabr.myopenid.com/
Joey Hess [Wed, 9 Apr 2008 21:45:06 +0000 (17:45 -0400)]
web commit by http://sabr.myopenid.com/
Joey Hess [Wed, 9 Apr 2008 21:39:22 +0000 (17:39 -0400)]
web commit by http://sabr.myopenid.com/
Joey Hess [Wed, 9 Apr 2008 21:37:22 +0000 (17:37 -0400)]
web commit by http://sabr.myopenid.com/
Joey Hess [Wed, 9 Apr 2008 21:29:53 +0000 (17:29 -0400)]
web commit by http://sabr.myopenid.com/
Joey Hess [Wed, 9 Apr 2008 21:29:19 +0000 (17:29 -0400)]
web commit by http://sabr.myopenid.com/
Joey Hess [Wed, 9 Apr 2008 20:58:29 +0000 (16:58 -0400)]
web commit by sabr.myopenid.com/: poll vote (Accept only OpenID for logins)
Joey Hess [Wed, 9 Apr 2008 06:45:14 +0000 (02:45 -0400)]
web commit by http://sabr.myopenid.com/
Joey Hess [Wed, 9 Apr 2008 06:43:19 +0000 (02:43 -0400)]
web commit by http://sabr.myopenid.com/
Joey Hess [Wed, 9 Apr 2008 06:42:29 +0000 (02:42 -0400)]
web commit by http://sabr.myopenid.com/
Joey Hess [Wed, 9 Apr 2008 06:41:29 +0000 (02:41 -0400)]
web commit by http://sabr.myopenid.com/
Joey Hess [Wed, 9 Apr 2008 06:36:12 +0000 (02:36 -0400)]
web commit by http://sabr.myopenid.com/
Joey Hess [Tue, 8 Apr 2008 19:37:11 +0000 (15:37 -0400)]
web commit by ittayd
Joey Hess [Tue, 8 Apr 2008 18:37:31 +0000 (14:37 -0400)]
web commit by http://sabr.myopenid.com/
Joey Hess [Tue, 8 Apr 2008 18:33:13 +0000 (14:33 -0400)]
web commit by http://sabr.myopenid.com/
Joey Hess [Tue, 8 Apr 2008 17:18:35 +0000 (13:18 -0400)]
web commit by http://sabr.myopenid.com/
Joey Hess [Tue, 8 Apr 2008 16:52:48 +0000 (12:52 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info
Joey Hess [Mon, 7 Apr 2008 15:47:14 +0000 (11:47 -0400)]
web commit by http://xayk.net/
(cherry picked from commit
146b3d9ac2754112e7c6c63f7c2e783ac2bf4dbe)
Joey Hess [Tue, 8 Apr 2008 06:34:03 +0000 (02:34 -0400)]
web commit by http://sabr.myopenid.com/
(cherry picked from commit
8e4a0640c591df95810fe94ab62521030134823b)
Joey Hess [Tue, 8 Apr 2008 13:49:37 +0000 (09:49 -0400)]
web commit by cjb: Trivial syntax bug.
Joey Hess [Fri, 4 Apr 2008 10:49:43 +0000 (06:49 -0400)]
web commit by cstork.org/: poll vote (Accept only OpenID for logins)
Joey Hess [Thu, 3 Apr 2008 20:37:05 +0000 (16:37 -0400)]
need to handle urls to images the same
Also, simplified finding the url to the top of the site.
Manoj Srivastava [Wed, 2 Apr 2008 17:01:25 +0000 (12:01 -0500)]
Bug#473987: [PATCH] Links relative to baseurl mangled in atom/rss feeds
tag 473987 +patch
thanks
Hi,
The issue is that we need to convert relative links to absolute
ones for atom and rss feeds -- but there are two types of
relative links. The first kind, relative to the current
document ( href="some/path") is handled correctly. The second
kind of relative url is is relative to the http server
base (href="/semi-abs/path"), and that broke.
It broke because we just prepended the url of the current
document to the href (http://host/path/to/this-doc/ + link),
which gave us, in the first place:
http://host/path/to/this-doc/some/path [correct], and
http://host/path/to/this-doc//semi-abs/path [wrong]
The fix is to calculate the base for the http server (the base of
the wiki does not help, since the base of the wiki can be
different from the base of the http server -- I have, for example,
"url => http://host.name.mine/blog/manoj/"), and prepend that to
the relative references that start with a /.
This has been tested.
Signed-off-by: Manoj Srivastava <srivasta@debian.org>
Joey Hess [Thu, 3 Apr 2008 06:36:16 +0000 (02:36 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info
Joey Hess [Thu, 3 Apr 2008 06:36:01 +0000 (02:36 -0400)]
aggregate: Correct a mistake in the code that dummy up a guid for feeds lacking one.
Joey Hess [Thu, 3 Apr 2008 02:52:46 +0000 (22:52 -0400)]
web commit by inthemedium.myopenid.com/: poll vote (Accept only OpenID for logins)
Joey Hess [Wed, 2 Apr 2008 19:04:58 +0000 (15:04 -0400)]
many thanks to madduck for his donation
Joey Hess [Wed, 2 Apr 2008 17:51:12 +0000 (13:51 -0400)]
web commit by montyz.livejournal.com/: more make woes
Joey Hess [Wed, 2 Apr 2008 12:44:23 +0000 (08:44 -0400)]
web commit by alcopop.org/me/openid/: formatting, tagging
Joey Hess [Wed, 2 Apr 2008 12:40:59 +0000 (08:40 -0400)]
web commit by alcopop.org/me/openid/: minor documentation adjustment
Joey Hess [Wed, 2 Apr 2008 02:44:17 +0000 (22:44 -0400)]
web commit by http://claimid.com/bug
Joey Hess [Tue, 1 Apr 2008 23:14:09 +0000 (19:14 -0400)]
web commit by jblevins.org/: A plain SVG version of the ikiwiki favicon
Joey Hess [Tue, 1 Apr 2008 23:07:00 +0000 (19:07 -0400)]
web commit by http://jblevins.org/: My user page
Joey Hess [Tue, 1 Apr 2008 22:35:02 +0000 (18:35 -0400)]
web commit by jblevins.org/: Re: A make problem
Joey Hess [Tue, 1 Apr 2008 21:10:26 +0000 (17:10 -0400)]
response
Joey Hess [Tue, 1 Apr 2008 17:04:14 +0000 (13:04 -0400)]
web commit by montyz.livejournal.com/: A make problem
Joey Hess [Sun, 30 Mar 2008 01:17:27 +0000 (21:17 -0400)]
add news item for ikiwiki 2.41
Joey Hess [Sun, 30 Mar 2008 01:17:15 +0000 (21:17 -0400)]
releasing version 2.41
Joey Hess [Sun, 30 Mar 2008 01:02:47 +0000 (21:02 -0400)]
Added a hardlink option in the setup file, useful if the source and dest are on the same filesystem and the wiki includes large media files, which would normally be copied, wasting time and space.
Joey Hess [Fri, 28 Mar 2008 18:35:49 +0000 (14:35 -0400)]
wiki gnomes at work
Joey Hess [Fri, 28 Mar 2008 17:20:19 +0000 (13:20 -0400)]
web commit by subvert.org.uk/~bma/: Add stylesheet.
Joey Hess [Fri, 28 Mar 2008 17:19:29 +0000 (13:19 -0400)]
web commit by subvert.org.uk/~bma/: Link to new stylesheet.
Joey Hess [Fri, 28 Mar 2008 17:07:23 +0000 (13:07 -0400)]
web commit by subvert.org.uk/~bma/: Update my URLs.
Joey Hess [Fri, 28 Mar 2008 04:57:49 +0000 (00:57 -0400)]
web commit by http://certifi.ca/bronson
Joey Hess [Thu, 27 Mar 2008 14:06:59 +0000 (10:06 -0400)]
web commit by weakish.int.eu.org/: invalid link
Joey Hess [Thu, 27 Mar 2008 12:31:31 +0000 (08:31 -0400)]
web commit from 78.106.64.225: poll vote (Accept only password logins)
Josh Triplett [Thu, 27 Mar 2008 01:16:58 +0000 (18:16 -0700)]
Remove explanation of ohloh shortcut; it seems obvious enough.
Josh Triplett [Thu, 27 Mar 2008 01:06:25 +0000 (18:06 -0700)]
Add shortcut for ohloh projects.
Joey Hess [Tue, 25 Mar 2008 20:12:34 +0000 (16:12 -0400)]
web commit by buo: Thanks
Joey Hess [Tue, 25 Mar 2008 20:11:34 +0000 (16:11 -0400)]
web commit by buo: locales and mercurial
Joey Hess [Tue, 25 Mar 2008 03:23:52 +0000 (23:23 -0400)]
web commit by willu.myopenid.com/: Add note about rel="nofollow" as an anti-spam suggestion
Joey Hess [Mon, 24 Mar 2008 19:47:13 +0000 (15:47 -0400)]
web commit by jblevins.org/: htmlscrubber patch to sanitize SVG and MathML
Joey Hess [Mon, 24 Mar 2008 04:19:49 +0000 (00:19 -0400)]
web commit by http://mjgoins.myopenid.com/
Joey Hess [Mon, 24 Mar 2008 04:18:47 +0000 (00:18 -0400)]
web commit by http://mjgoins.myopenid.com/
Joey Hess [Mon, 24 Mar 2008 02:08:02 +0000 (22:08 -0400)]
web commit by jblevins.org/: Thoughts about notation for citations
Joey Hess [Mon, 24 Mar 2008 00:01:26 +0000 (20:01 -0400)]
revert destpage part of
f7bdc2385
destpage does not normally need to be worried about when creating other files
as part of the process of rendering a page. Using destpage results in
inlined pages creating two copies of such files. It works to not use destpage
in this case because the inlining page depends on the source page, so if the
source page is modified or deleted the inlining page will be updated.
Joey Hess [Sun, 23 Mar 2008 21:39:03 +0000 (17:39 -0400)]
inline: Allow the "feedshow" parameter to take values greater than the value for "show".
Joey Hess [Sat, 22 Mar 2008 17:57:01 +0000 (13:57 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info
Joey Hess [Sat, 22 Mar 2008 17:56:44 +0000 (13:56 -0400)]
add loadindex/saveindex test suite
Joey Hess [Sat, 22 Mar 2008 16:02:39 +0000 (12:02 -0400)]
web commit by madduck.net/: add note about whole site rebuilds for little changes
Joey Hess [Sat, 22 Mar 2008 14:48:45 +0000 (10:48 -0400)]
web commit by jblevins.org/: Notes about access keys from the main discussion page
Joey Hess [Fri, 21 Mar 2008 23:45:38 +0000 (19:45 -0400)]
web commit by madduck.net/: put thoughts into the wishlist item
martin f. krafft [Fri, 21 Mar 2008 22:41:23 +0000 (23:41 +0100)]
scan hook works, remove NotImplemented exception
Signed-off-by: martin f. krafft <madduck@madduck.net>
martin f. krafft [Fri, 21 Mar 2008 22:36:58 +0000 (23:36 +0100)]
Do not output xml-rpc debugging
Signed-off-by: martin f. krafft <madduck@madduck.net>
martin f. krafft [Fri, 21 Mar 2008 22:34:25 +0000 (23:34 +0100)]
Flesh out pythondemo
This implements most hooks with stupid demo code, and also still has
some TODO items.
Signed-off-by: martin f. krafft <madduck@madduck.net>
martin f. krafft [Fri, 21 Mar 2008 22:17:38 +0000 (23:17 +0100)]
Handle going down with an exception
We previously used None as a sentinel to exit, but None is now a proper
value, so now it's the job of an exception-like object (except it isn't
an exception).
Signed-off-by: martin f. krafft <madduck@madduck.net>
martin f. krafft [Fri, 21 Mar 2008 22:17:37 +0000 (23:17 +0100)]
put XMLStreamParser in public namespace
Since we might throw sub-class exceptions, the class should be in the
public namespace, meaning its name should not be prefixed with _.
Signed-off-by: martin f. krafft <madduck@madduck.net>
Joey Hess [Fri, 21 Mar 2008 23:09:41 +0000 (19:09 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info
Joey Hess [Fri, 21 Mar 2008 23:09:29 +0000 (19:09 -0400)]
typos
Joey Hess [Fri, 21 Mar 2008 22:14:06 +0000 (18:14 -0400)]
web commit by jblevins.org/: Ideas about keyboard shortcuts
Joey Hess [Fri, 21 Mar 2008 20:34:17 +0000 (16:34 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info
Joey Hess [Fri, 21 Mar 2008 20:32:23 +0000 (16:32 -0400)]
defer po and pot file updating until package build time
This allows make to be run without polluting the tree with lots of po file
changes.
Joey Hess [Fri, 21 Mar 2008 20:21:18 +0000 (16:21 -0400)]
web commit by http://madduck.net/
Joey Hess [Fri, 21 Mar 2008 19:41:41 +0000 (15:41 -0400)]
on css suckitude
Joey Hess [Fri, 21 Mar 2008 19:12:15 +0000 (15:12 -0400)]
external: Work around XML RPC's lack of support for null by passing a special sentinal value.
martin f. krafft [Fri, 21 Mar 2008 18:12:16 +0000 (19:12 +0100)]
Allow individual hook registration to override ID
The preprocessor hooks need to specify IDs different from the ID used to
initialise the proxy. Thus, the hook function now takes an optional id
keyword argument and uses the ID used during initialisation if none is
provided.
Signed-off-by: martin f. krafft <madduck@madduck.net>
martin f. krafft [Fri, 21 Mar 2008 18:12:15 +0000 (19:12 +0100)]
Refactor remote procedure calls in the proxy
Add an rpc() method to the proxy to allow users to call remote
procedures, and route the proxy's own import registration via this
function.
Also, implement convenience functions for the RPC calls exported in the
IkiWiki::XML::RPC namespace.
Signed-off-by: martin f. krafft <madduck@madduck.net>
martin f. krafft [Fri, 21 Mar 2008 18:12:14 +0000 (19:12 +0100)]
Make proxy object available to hook functions
Hook functions now get the proxy object as first argument to be able to
use RPC via the proxy.
Signed-off-by: martin f. krafft <madduck@madduck.net>
martin f. krafft [Fri, 21 Mar 2008 18:12:13 +0000 (19:12 +0100)]
add last parameter to plugin registration
Signed-off-by: martin f. krafft <madduck@madduck.net>
martin f. krafft [Fri, 21 Mar 2008 18:12:12 +0000 (19:12 +0100)]
Allow external plugins to return no value
Instead of using the XML-RPC v2 extension <nil/>, which Perl's
XML::RPC::Parser does not (yet) support (Joey's patch is pending), we
agreed on a sentinel: {'null':''}, that is, a hash with a single key
"null" pointing to the empty string.
The Python proxy automatically converts None appropriately and raises an
exception if a hook function should, by weird coincidence, attempt to
return {'null':''}.
Signed-off-by: martin f. krafft <madduck@madduck.net>
Joey Hess [Fri, 21 Mar 2008 18:53:41 +0000 (14:53 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info
Joey Hess [Fri, 21 Mar 2008 18:42:59 +0000 (14:42 -0400)]
fix page source storing
This saves space, and stores the data under the right keys.