diff options
Diffstat (limited to 'doc/todo')
| -rw-r--r-- | doc/todo/Bestdir_along_with_bestlink_in_IkiWiki.pm/discussion.mdwn | 6 | ||||
| -rw-r--r-- | doc/todo/Moving_Pages.mdwn | 13 | ||||
| -rw-r--r-- | doc/todo/done.mdwn | 2 | ||||
| -rw-r--r-- | doc/todo/mercurial.mdwn | 1 | ||||
| -rw-r--r-- | doc/todo/rcs_updates_needed_for_rename_and_remove.mdwn | 4 |
5 files changed, 22 insertions, 4 deletions
diff --git a/doc/todo/Bestdir_along_with_bestlink_in_IkiWiki.pm/discussion.mdwn b/doc/todo/Bestdir_along_with_bestlink_in_IkiWiki.pm/discussion.mdwn new file mode 100644 index 000000000..d473bc3ad --- /dev/null +++ b/doc/todo/Bestdir_along_with_bestlink_in_IkiWiki.pm/discussion.mdwn @@ -0,0 +1,6 @@ +- Is there some implicit license for patches posted on the wiki? + I would like to maybe use this in [[todo/mbox]] --[[DavidBremner]] + +> If it's not clear to me that a patch is a derivative work of ikiwiki, I +> always ask for a license clarification before adding it to ikiwiki. +> --[[Joey]] diff --git a/doc/todo/Moving_Pages.mdwn b/doc/todo/Moving_Pages.mdwn index 61f2663e0..bd6507dd0 100644 --- a/doc/todo/Moving_Pages.mdwn +++ b/doc/todo/Moving_Pages.mdwn @@ -205,3 +205,16 @@ Cases to consider: Update: Meh. It's certianly not ideal; if Bob tries to save the page he uploaded the attachment to, he'll get a message about it having been deleted/renamed, and he can try to figure out what to do... :-/ +* I don't know if this is a conflict, but it is an important case to consider; + you need to make sure that there are no security holes. You dont want + someone to be able to rename something to <code>/etc/passwd</code>. + I think it would be enough that you cannot rename to a location outside + of srcdir, you cannot rename to a location that you wouldn't be able + to edit because it is locked, and you cannot rename to an existing page. + + > Well, there are a few more cases (like not renaming to a pruned + > filename, and not renaming _from_ a file that is not a known source + > file or is locked), but yes, that's essentially it. + > + > PS, the first thing I do to any + > web form is type /etc/passwd and ../../../../etc/passwd into it. ;-) --[[Joey]] diff --git a/doc/todo/done.mdwn b/doc/todo/done.mdwn index ed161fb5b..7fcbe44b6 100644 --- a/doc/todo/done.mdwn +++ b/doc/todo/done.mdwn @@ -1,3 +1,3 @@ recently fixed [[TODO]] items -[[!inline pages="link(todo/done) and !todo and !*/Discussion" sort=mtime show=10]] +[[!inline pages="link(todo/done) and !todo and !*/Discussion" sort=mtime show=10 archive=yes]] diff --git a/doc/todo/mercurial.mdwn b/doc/todo/mercurial.mdwn index 77b538c02..f0dbf9806 100644 --- a/doc/todo/mercurial.mdwn +++ b/doc/todo/mercurial.mdwn @@ -1,4 +1,3 @@ -* rcs_notify is not implemented (not needed in this branch --[[Joey]]) * Is the code sufficiently robust? It just warns when mercurial fails. * When rcs_commit is called with a $user that is an openid, it will be passed through to mercurial -u. Will mercurial choke on this? diff --git a/doc/todo/rcs_updates_needed_for_rename_and_remove.mdwn b/doc/todo/rcs_updates_needed_for_rename_and_remove.mdwn index 02c935b4f..412f94804 100644 --- a/doc/todo/rcs_updates_needed_for_rename_and_remove.mdwn +++ b/doc/todo/rcs_updates_needed_for_rename_and_remove.mdwn @@ -1,5 +1,5 @@ I've added three new functions to the ikiwiki VCS interface to support -renaming and removing files using the web interface. The bzr, mercurial, -monotone, and tla [[rcs]] backends need implementions of these functions. +renaming and removing files using the web interface. The bzr, +mercurial, and tla [[rcs]] backends need implementions of these functions. (The maintainers of these backends have been mailed. --[[Joey]]) |