Joey Hess [Sun, 30 Aug 2009 21:49:38 +0000 (17:49 -0400)]
CVE
Joey Hess [Sun, 30 Aug 2009 19:36:41 +0000 (15:36 -0400)]
finalizing this release
Joey Hess [Sun, 30 Aug 2009 19:08:13 +0000 (15:08 -0400)]
teximg: Make TeX handle preventing unsafe things; remove insufficient blacklist
TeX has configuration options that prevent unsafe things like shell
escapes and insecure file reads/writes. Turn all of them on.
teximg's regex-based blacklist does not suffice. For instance:
[[!teximg code="""
\catcode`\%=0
%input{/etc/passwd}
"""]]
Remove the blacklist, since the TeX configuration options seal off the
underlying mechanisms more safely, and the blacklist blocks other TeX
commands that can prove useful.
(cherry picked from commit
9f75d3b1f3c43820cff9ce554601f64c60d72b14)
Conflicts:
IkiWiki/Plugin/teximg.pm
debian/changelog
Joey Hess [Sat, 29 Aug 2009 03:44:49 +0000 (23:44 -0400)]
img: Don't generate new verison of image if it is scaled to be larger in either dimension.
Although imagemagick handles even really large sizes sanely, using a page
file, doing so would just waste time and disk space, since the browser
can be told to resize it larger.
Conflicts:
IkiWiki/Plugin/img.pm
debian/changelog
Joey Hess [Wed, 12 Nov 2008 23:17:35 +0000 (18:17 -0500)]
releasing version 2.53.3
Joey Hess [Wed, 12 Nov 2008 22:39:42 +0000 (17:39 -0500)]
check for invalid utf-8, and toss it back to avoid crashes
Since ikiwiki uses open :utf8, perl assumes that files contain valid utf-8.
If it turns out to be malformed it may later crash while processing strings
read from them, with 'Malformed UTF-8 character (fatal)'.
As at least a quick fix, use utf8::valid as soon as data is read, and if
it's not valid, call encode_utf8 on the string, thus clearing the utf-8
flag. This may cause follow-on encoding problems, but will avoid this
crash, and the input file was broken anyway, so GIGO is a reasonable
response. (I looked at calling decode_utf8 after, but it seemed to cause
more trouble than it was worth. BTW, use open ':encoding(utf8)' avaoids
this problem, but the corrupted data later causes Storable to crash when
writing the index.)
This is a quick fix, clearly imperfect:
- It might be better to explicitly call decode_utf8 when reading files,
rather than using the IO layer.
- Data read other than by readfile() can still sneak in bad utf-8. While
ikiwiki does very little file input not using it, stdin for the CGI
would be one way.
(cherry picked from commit
716560b7f15b6e15b246c39c11eb8181d91c8662)
Conflicts:
debian/changelog
Joey Hess [Thu, 9 Oct 2008 23:12:51 +0000 (19:12 -0400)]
orphans: Fix unquoted page name in regexp.
(cherry picked from commit
a473cb2f74738d369130135b8c3ce0f6ef66af02)
Joey Hess [Mon, 8 Sep 2008 16:10:12 +0000 (12:10 -0400)]
releasing version 2.53.2
Joey Hess [Mon, 8 Sep 2008 15:51:25 +0000 (11:51 -0400)]
Merge commit 'origin/debian-testing' into debian-testing
Joey Hess [Mon, 8 Sep 2008 15:42:31 +0000 (11:42 -0400)]
Fix bad patch backport that broke generation of rss/atom feeds. Closes: #498224
Joey Hess [Sat, 6 Sep 2008 02:18:36 +0000 (22:18 -0400)]
releasing version 2.53.1
Joey Hess [Sat, 6 Sep 2008 01:02:49 +0000 (21:02 -0400)]
finalizing
Joey Hess [Mon, 1 Sep 2008 19:50:50 +0000 (15:50 -0400)]
updates
Joey Hess [Mon, 1 Sep 2008 19:34:58 +0000 (15:34 -0400)]
fix typo
Joey Hess [Fri, 29 Aug 2008 22:43:48 +0000 (18:43 -0400)]
Work around perl $_ scoping nonsense that caused breakage when loading external plugins.
(There's a good chance this bug doesn't affect this version of the code,
since while $config{plugin} is clobbered, it's not used further.)
Joey Hess [Tue, 26 Aug 2008 16:55:43 +0000 (12:55 -0400)]
map: The fix for #449285 was buggy and broke display of parents in certian circumstances.
The use of $dummy was not sufficient, because it only stuck around for the
first element after a dummy parent, and was then lost. Instead, use a
$addparent that contains the actual dummy parent, so it can be compared
with the new item to see if we're still under that parent or have moved to
another one.
(cherry picked from commit
9b10f5eab22be36cf3b3a217076c76a669b4aafa)
Joey Hess [Tue, 26 Aug 2008 16:52:39 +0000 (12:52 -0400)]
remove wacky meta description tag
Joey Hess [Tue, 26 Aug 2008 16:51:28 +0000 (12:51 -0400)]
edittemplate: Don't wipe out edits on preview.
(cherry picked from commit
d06096ad0d15dc7fb5e3187209a2908b3613b30b)
Joey Hess [Tue, 26 Aug 2008 16:48:22 +0000 (12:48 -0400)]
external: Fix support for hooks called in an array context.
(cherry picked from commit
86660e9c82b67f9165cb5fabe28c341a338d8c4e)
Joey Hess [Tue, 26 Aug 2008 16:47:02 +0000 (12:47 -0400)]
inline: Ignore parent dirs when sorting pages by title.
(cherry picked from commit
581381e335f2adc83d980c6805e1e51a936fba45)
Joey Hess [Tue, 26 Aug 2008 16:44:16 +0000 (12:44 -0400)]
Enrico Zini [Sat, 26 Jul 2008 22:05:22 +0000 (23:05 +0100)]
Handle the case when HTML got tidied.
This fixes debian bug #492529.
(cherry picked from commit
02078c406ca71780e45af0f4dea6ceafcd56c730)
Joey Hess [Tue, 26 Aug 2008 16:43:12 +0000 (12:43 -0400)]
toggle: Fix incompatability between javascript and webkit.
(cherry picked from commit
99b59f2d62a8e431d84a469ab31a8da101333b26)
Joey Hess [Tue, 26 Aug 2008 16:40:45 +0000 (12:40 -0400)]
fix feed urls
The fix for colons involved adding "./" to some urls. Due to the weird way
inline called urlto, these snuck into feed urls and permalinks. Fix it by
adding an optional third parameter to urlto.
Joey Hess [Tue, 26 Aug 2008 16:39:02 +0000 (12:39 -0400)]
Really fix bug with links to pages with names containing colons
Previous fix mised a few cases.
(cherry picked from commit
c2ffd205f3301a9fe6b5949a88da770899642589)
Simon McVittie [Sat, 12 Jul 2008 14:14:47 +0000 (15:14 +0100)]
Bug fix: use &IkiWiki::pagetitle rather than nonexistent &pagetitle in meta plugin, so that PageSpecs with title(...) work again
(cherry picked from commit
1f26a1bf1655b1d0223b24ba1db70579a3774eb1)
Joey Hess [Tue, 26 Aug 2008 16:32:52 +0000 (12:32 -0400)]
update changelog
(cherry picked from commit
b557ba7c462c04d7fa924e4f293d4808f26219fe)
Gabriel McManus [Thu, 17 Jul 2008 10:37:08 +0000 (20:37 +1000)]
Use correct term prefixes when searching.
The Z term prefix is for stemming and shouldn't be used here.
X is for custom fields.
(cherry picked from commit
e3b0584a493d4d2178bc7c48ff89fde766ff322b)
Joey Hess [Tue, 26 Aug 2008 16:30:35 +0000 (12:30 -0400)]
Add a postscan hook.
* Add a postscan hook.
* search: Use postscan hook, avoid updating index when previewing.
(cherry picked from commit
584f3e3061e8983e4caa328d7bc16fdeba849654)
Joey Hess [Tue, 26 Aug 2008 16:28:59 +0000 (12:28 -0400)]
remove dead code
(cherry picked from commit
6364949dfced5cdbba5014d34dbf0e7f0980cd27)
Joey Hess [Thu, 17 Jul 2008 17:11:47 +0000 (13:11 -0400)]
fix pos setting
What was really going on is that expanding a smiley modified the string and
reset the match process. Force set pos so it continues on from the expanded
smiley.
(cherry picked from commit
c4f124d78a4c6e227f2017452821c95c35544860)
Joey Hess [Thu, 17 Jul 2008 17:03:00 +0000 (13:03 -0400)]
add smiley to work around markdown
{*} can be interpreted as the start of emphasised text by markdown, so add
{x} as an alternate way to get the same symbol
(cherry picked from commit
16c44bd209506de96e4fe5a5c007a456badc053d)
Joey Hess [Tue, 26 Aug 2008 16:27:33 +0000 (12:27 -0400)]
smiley escaping fixes
Smileys need to be double-escaped to work, since the smiley plugin runs as
a sanitize hook, and markdown helpfully removes one level of escapes first.
There were some bugs in the smiley handling code that made escaped smileys
still be expanded. After unescaping a smiley, it needed to move pos forward
past it or the next pass would expand it.
Also, once the m//g got to the end, it seemed to loop back through and make
one more pass (a difference in perl 5.10's regexp exngine? I observed that
pos was undefined when this happened, so added a `last unless defined pos`.
(cherry picked from commit
df3a8b183c4e6b50b05ba3c4514563619927c924)
Joey Hess [Tue, 26 Aug 2008 16:24:47 +0000 (12:24 -0400)]
Change deb dependencies to list Text::Markdown before markdown, since the former, while slower, has a much better html parser that avoids numerous bugs.
(cherry picked from commit
a0f596b6ed4594011b07cf7af2d2d55aa78d8be1)
Joey Hess [Tue, 26 Aug 2008 16:23:48 +0000 (12:23 -0400)]
Fixes creation of pages when clicking on WikiLinks starting with "/".
(cherry picked from commit
3879c56e71bb2e0d5fda81982d900fc93d4a893d)
Joey Hess [Tue, 26 Aug 2008 16:21:28 +0000 (12:21 -0400)]
ikiwiki-transition: Fix command-line processing so the prefix_directives transition works again.
(cherry picked from commit
1aab048e8117e65faa7e2d0020609ee83e8e3a70)
Joey Hess [Mon, 4 Aug 2008 18:58:21 +0000 (14:58 -0400)]
improve fix to DTRT for a param of "0"
(cherry picked from commit
6f2d1536b8ce0bd746c87c00466170435ddb3923)
Simon McVittie [Sun, 3 Aug 2008 15:16:24 +0000 (16:16 +0100)]
Suppress warning about uninitialized value if directives look like [[!foo]]
(cherry picked from commit
cf58eefaa56eb17c227d97d129bf95e3dab54fd3)
(cherry picked from commit
4c2f46e3fa34238bbdd093f0b3d211103a3b94a3)
Joey Hess [Wed, 9 Jul 2008 20:59:53 +0000 (16:59 -0400)]
releasing version 2.53
Joey Hess [Wed, 9 Jul 2008 20:53:03 +0000 (16:53 -0400)]
improve error message if virus checker fails w/o output
Joey Hess [Wed, 9 Jul 2008 20:14:30 +0000 (16:14 -0400)]
web commit by intrigeri: initial wishlist
Joey Hess [Wed, 9 Jul 2008 12:24:14 +0000 (08:24 -0400)]
web commit by http://jcflack.myopenid.com/
Joey Hess [Wed, 9 Jul 2008 12:20:33 +0000 (08:20 -0400)]
web commit by http://jcflack.myopenid.com/
Joey Hess [Wed, 9 Jul 2008 08:27:10 +0000 (04:27 -0400)]
web commit by ptecza.myopenid.com/: * Confirmation and thanks
Joey Hess [Wed, 9 Jul 2008 06:05:57 +0000 (02:05 -0400)]
remove patch tag
Joey Hess [Wed, 9 Jul 2008 06:02:26 +0000 (02:02 -0400)]
close
Joey Hess [Wed, 9 Jul 2008 06:02:03 +0000 (02:02 -0400)]
close
Joey Hess [Wed, 9 Jul 2008 04:25:15 +0000 (00:25 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info
Joey Hess [Wed, 9 Jul 2008 04:24:59 +0000 (00:24 -0400)]
testing
Joey Hess [Wed, 9 Jul 2008 04:20:39 +0000 (00:20 -0400)]
web commit by bremner: fix my name
Joey Hess [Wed, 9 Jul 2008 02:47:28 +0000 (22:47 -0400)]
mention github mirror
Joey Hess [Wed, 9 Jul 2008 02:44:52 +0000 (22:44 -0400)]
testing
Joey Hess [Wed, 9 Jul 2008 02:30:43 +0000 (22:30 -0400)]
testing
Joey Hess [Wed, 9 Jul 2008 02:29:24 +0000 (22:29 -0400)]
testing
Joey Hess [Wed, 9 Jul 2008 02:27:38 +0000 (22:27 -0400)]
testing
Joey Hess [Wed, 9 Jul 2008 02:26:37 +0000 (22:26 -0400)]
testing
Joey Hess [Wed, 9 Jul 2008 00:52:30 +0000 (20:52 -0400)]
otl: Support utf-8 files. (Recai Oktaş)
Joey Hess [Wed, 9 Jul 2008 00:47:29 +0000 (20:47 -0400)]
response
Joey Hess [Wed, 9 Jul 2008 00:42:28 +0000 (20:42 -0400)]
web commit by https://id.mayfirst.org/jamie/
Joey Hess [Wed, 9 Jul 2008 00:41:45 +0000 (20:41 -0400)]
web commit by https://id.mayfirst.org/jamie/
Joey Hess [Tue, 8 Jul 2008 23:28:20 +0000 (19:28 -0400)]
response
Joey Hess [Tue, 8 Jul 2008 23:15:40 +0000 (19:15 -0400)]
web commit by AndrewGreenberg: bad formatting on bug report, sorry.
Joey Hess [Tue, 8 Jul 2008 23:14:11 +0000 (19:14 -0400)]
web commit by AndrewGreenberg: Added nasty URL edit bug in 2.52.
Joey Hess [Tue, 8 Jul 2008 22:44:56 +0000 (18:44 -0400)]
not yet released
Joey Hess [Tue, 8 Jul 2008 22:35:48 +0000 (18:35 -0400)]
response
Joey Hess [Tue, 8 Jul 2008 22:13:49 +0000 (18:13 -0400)]
web commit by mrled
Joey Hess [Tue, 8 Jul 2008 22:12:33 +0000 (18:12 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info
Conflicts:
doc/bugs/attachment:_failed_to_get_filehandle.mdwn
Joey Hess [Tue, 8 Jul 2008 22:10:05 +0000 (18:10 -0400)]
attachment: Support perl 5.8's buggy version of CGI.pm.
This is truely horribly disgusting. CGI::tmpFileName, in current perls, is
an undocumented function (which should be a clue..) that takes the original
filename of an uploaded attachment, and returns the name of the tempfile
that CGI has stored it in.
In old perls, though, CGI::tmpFileName does not take a filename. It takes
a key from the object's {'.tmpfiles'} hash. This key is something
crazy like '*Fh::fh00001group' -- apparently the stringification of a
filehandle object.
Just to add to the fun, tmpFileName doesn't take the key, it expects a
refernce to the key. Argh?!
But the fun doesn't stop there, because in perl 5.8, CGI.pm is also broken
in two other ways. The upload() method is supposed to return a filehandle
to the temp file. It doesn't. The param() method is supposed to return
a filehandle to the temp file, that stringifies to the original filename.
It returns just the original filename, no filehandle.
Combine all these bugs, and you end up with this disgusting commit. Since
I have no way to get the filehandle, I *need* to get the tempfile name.
If I had the filehandle, I could probably pass it into tmpFileName, and
it might strigify to the right key name. But I don't, so the only way to
determine the key is to grub through the .tmpfiles hash ourselves.
And finally, one the temp file name is discovered, a filehandle can finally
be obtained by (re)opening it.
I recommend that this commit be reverted when perl 5.8 is a mercifully
faded memory.
I'm really, really, really glad I'm actually being paid for working on
this right now!
Joey Hess [Tue, 8 Jul 2008 21:18:02 +0000 (17:18 -0400)]
explicitly set form type to multipart
This is the default in unstable's formbuilder, but not in stable's,
and CGI multipart is needed for fule uploads.
Joey Hess [Tue, 8 Jul 2008 21:08:00 +0000 (17:08 -0400)]
Include ikiwiki.setup in examples in the debian package.
Joey Hess [Tue, 8 Jul 2008 21:05:33 +0000 (17:05 -0400)]
web commit by ptecza.myopenid.com/: * Thanks!
Joey Hess [Tue, 8 Jul 2008 21:04:28 +0000 (17:04 -0400)]
web commit by HenrikBrixAndersen: This happens on FreeBSD as well
Joey Hess [Tue, 8 Jul 2008 20:59:21 +0000 (16:59 -0400)]
reproduced
Joey Hess [Tue, 8 Jul 2008 20:21:17 +0000 (16:21 -0400)]
response
Joey Hess [Tue, 8 Jul 2008 20:21:01 +0000 (16:21 -0400)]
check for tempfile being empty
Joey Hess [Tue, 8 Jul 2008 20:18:11 +0000 (16:18 -0400)]
rm
Joey Hess [Tue, 8 Jul 2008 20:11:18 +0000 (16:11 -0400)]
web commit by ptecza.myopenid.com/: * The bug still occurs
Joey Hess [Tue, 8 Jul 2008 18:18:09 +0000 (14:18 -0400)]
add dist-bugs
Joey Hess [Tue, 8 Jul 2008 17:47:02 +0000 (13:47 -0400)]
merge
Joey Hess [Tue, 8 Jul 2008 17:46:01 +0000 (13:46 -0400)]
response
Joey Hess [Tue, 8 Jul 2008 17:16:11 +0000 (13:16 -0400)]
web commit by mrled
Joey Hess [Tue, 8 Jul 2008 17:08:46 +0000 (13:08 -0400)]
web commit by mrled
Joey Hess [Tue, 8 Jul 2008 17:04:23 +0000 (13:04 -0400)]
web commit by mrled
Joey Hess [Tue, 8 Jul 2008 17:03:46 +0000 (13:03 -0400)]
web commit by mrled
Joey Hess [Tue, 8 Jul 2008 17:02:25 +0000 (13:02 -0400)]
web commit by mrled
Joey Hess [Tue, 8 Jul 2008 16:16:36 +0000 (12:16 -0400)]
undef $fh before opening
Joey Hess [Tue, 8 Jul 2008 15:56:31 +0000 (11:56 -0400)]
web commit by ptecza.myopenid.com/: * Still no success
Joey Hess [Tue, 8 Jul 2008 15:47:03 +0000 (11:47 -0400)]
response
Joey Hess [Tue, 8 Jul 2008 15:25:30 +0000 (11:25 -0400)]
another try at dealing with CGI.pm problem
open the temp file if all attempts to get a fd fail
Joey Hess [Tue, 8 Jul 2008 15:15:48 +0000 (11:15 -0400)]
web commit by ptecza.myopenid.com/: * Debugging again
Joey Hess [Tue, 8 Jul 2008 14:43:45 +0000 (10:43 -0400)]
possible fix
Joey Hess [Tue, 8 Jul 2008 14:42:58 +0000 (10:42 -0400)]
attachment: Support old versions of CGI.pm that lack an upload method.
Joey Hess [Tue, 8 Jul 2008 14:24:24 +0000 (10:24 -0400)]
web commit by ptecza.myopenid.com/: * Next debbuging
Joey Hess [Tue, 8 Jul 2008 14:16:29 +0000 (10:16 -0400)]
new thing to try
Joey Hess [Tue, 8 Jul 2008 14:05:57 +0000 (10:05 -0400)]
fix fix
Joey Hess [Tue, 8 Jul 2008 14:04:43 +0000 (10:04 -0400)]
close
Joey Hess [Tue, 8 Jul 2008 14:03:55 +0000 (10:03 -0400)]
Fix a bug with links to pages whose names contained colons.
So the problem is that ikiwiki would generate a relative link like
href="colon:problem", which web browsers treat as being in the "colon:"
uri scheme.
The best fix seems to be to make url beautification fix this, by slapping
a "./" in front.
Joey Hess [Tue, 8 Jul 2008 14:00:48 +0000 (10:00 -0400)]
web commit by ptecza.myopenid.com/: * Missing Apache2 version
Joey Hess [Tue, 8 Jul 2008 13:58:33 +0000 (09:58 -0400)]
web commit by ptecza.myopenid.com/: * Response
Joey Hess [Tue, 8 Jul 2008 13:49:29 +0000 (09:49 -0400)]
split out separate bug