summaryrefslogtreecommitdiff
path: root/IkiWiki/CGI.pm
AgeCommit message (Collapse)Author
2010-11-29Merge remote branch 'smcv/ready/sslcookie-auto'Joey Hess
2010-11-29Always set secure cookies if logging in via HTTPSSimon McVittie
2010-11-23Use local path for even more CGI URLsSimon McVittie
2010-11-23Use local paths for redirection where possibleSimon McVittie
2010-06-23stop using REMOTE_ADDRJoey Hess
Everywhere that REMOTE_ADDR was used, a session object is available, so instead use its remote_addr method. In IkiWiki::Receive, stop setting a dummy REMOTE_ADDR. Note that it's possible for a session cookie to be obtained using one IP address, and then used from another IP. In this case, the first IP will now be used. I think that should be ok.
2010-05-14allow misctemplate callers to pass params to suppress actions etcJoey Hess
Suppress disiplay of small search for on search results page, and of Prefrences link on prefs page.
2010-05-08moved non-openid signin form into same page as openid selector; show/hide as ↵Joey Hess
buttons are pressed
2010-05-06simplify formbuilder stylesheet specificationJoey Hess
Since all forms are wrapped in a template that defines the actual stylesheets, formbuilder just has to be told to turn on stylesheet mode, not what file is the style sheet.
2010-01-18brace styleJoey Hess
2010-01-18typosJoey Hess
2010-01-09make decode_form_utf8 safe for arraysJoey Hess
2009-12-14404/goto: Fix 404 display of utf-8 pages.Joey Hess
Problem here was that no charset http header was being sent. I fixed this globally by making cgi_custom_failure send the header. Required changing its parameters.
2009-10-29fix url encoding in redirJoey Hess
When redirecting to a page, ie, after editing, ensure that the url is uri-encoded. Most browsers other than MSIE don't care, but it's the right thing to do. The known failure case involved editing a page that had utf-8 in the name using MSIE.
2009-09-08Expand banned_users; it can now include PageSpecs, which allows banning by ↵Joey Hess
IP address.
2009-07-23Fix typo attepting→attemptingJonas Smedegaard
2009-02-26detect sslcookie set and no httpsJoey Hess
This is likely a misconfiguration and can cause login to fail as the browser refuses the send the session cookie back over http. Not entirely happy with putting the check where I did, since users have to try to log in, and fail, to see the misconfiguration explained. But I could not find a better place to put the check.
2009-01-31factor out IE stupididy workaroundJoey Hess
2009-01-31Split cgi_goto into a goto pluginSimon McVittie
2009-01-31Split apache404 into an independent pluginSimon McVittie
Also make it ignore the 'do' parameter at Joey's suggestion, to have one less thing to remember when configuring.
2009-01-31CGI: pad error responses with 512 bytes of spaces so IE will display themSimon McVittie
IE displays its own error responses unless the server's was >= 512 bytes. http://support.microsoft.com/default.aspx?scid=kb;en-us;Q294807
2009-01-31CGI: set up goto hook so that /ikiwiki.cgi?do=goto can be an Apache ↵Simon McVittie
ErrorDocument
2009-01-31CGI: add cgi_page_from_404(), which remaps a path like $REDIRECT_URL to an ↵Simon McVittie
IkiWiki page name Also add a regression test
2009-01-31CGI: if the page is missing, give the "missing page" a 404 statusSimon McVittie
2009-01-31CGI: document why commenter and recentchanges_link are supportedSimon McVittie
2009-01-31CGI: if the "do" parameter is goto, recentchanges_link or commenter, ↵Simon McVittie
redirect to a page This can replace equivalent functionality in comments and recentchanges.
2009-01-31CGI: add cgi_goto(CGI, [page])Simon McVittie
This redirects to the given page (or if none is given, the page parameter given to the CGI), or displays an error with a create link if the page doesn't exist.
2008-12-24remove deprecated admin prefsJoey Hess
A new ikiwiki-transition moveprefs subcommand can pull the old data out of the userdb and inject it into the setup file. Note that it leaves the old values behind in the userdb too. I did this because I didn't want to lose data if it fails writing the setup file for some reason, and the old data in the userdb will only use a small amount of space. Running the command multiple times will mostly not change anything.
2008-12-17Coding style change: Remove explcit vim folding markers.Joey Hess
2008-12-17checksessionexpiry: reworkJoey Hess
This function as factored out was a bit confusing, I think this makes more sense.
2008-12-11editpage: factor out checksessionexpiry into IkiWiki::CGISimon McVittie
2008-10-19Fix issue with utf-8 in wikiname breaking session cookies, by ↵Joey Hess
entity-encoding the wikiname in the session cookie.
2008-09-05editpage: New core plugin factoring out page editing to allow disabling it ↵Joey Hess
if desired.
2008-08-28Set cookies HttpOnly.Joey Hess
2008-08-05typoJoey Hess
2008-08-02relocateJoey Hess
2008-08-01banned_users move to setup file, stage 1Joey Hess
2008-07-22add a rename summaryJoey Hess
2008-07-22Split out error messages from editpage.tmpl into several separate templates.Joey Hess
2008-07-12only htmlize errors when cgi is actually runningJoey Hess
2008-07-11fix use orderingJoey Hess
The recent setup revamp exposed some latent bugs in use/package ordering that caused some symbols to not the exported into the correct scope.
2008-07-10Fixes creation of pages when clicking on WikiLinks starting with "/".Joey Hess
2008-07-10work around CGI::Session constructor issuesJoey Hess
The constructor can fail with a useless error message if module fail to load. Work around this by evaling it, and checking for failures, and printing CGI::Session->errstr to get a more useful message.
2008-07-06editpage escaping fixesJoey Hess
* The editpage form now uses the raw page name, not the page title, in its 'page' cgi parameter. Using the title was ambiguous and made it impossible to tell between some pages, like "foo/bar" and "foo__47__bar", sometimes causing the wrong page to be edited. * This change means that some edit links need to be updated. Force a rebuild on upgrade to this version. * Above change also allowed really fixing escaped slashes from the blogpost form.
2008-07-01better approach for cgi upload disablingJoey Hess
Make it a config setting, this way subtle load order issues don't come into play. (As much?)
2008-07-01simplificationJoey Hess
2008-06-30disable cgi uploads earlierJoey Hess
This allows plugins that want to enable uploads to do so by changing the value of $CGI::DISABLE_UPLOADS at some point before the cgi hook is run.
2008-06-30remove unused editpage titleJoey Hess
The title was set to editpage, but then always changed. And some code tested for this. Remove this dead code.
2008-06-30Configure CGI.pm to disable file uploads by default.Joey Hess
2008-06-28call format hooks when generating page previewsJoey Hess
* toc: Revert change in 2.45 that made it run at sanitize time. This breaks use of toc in a sidebar. * Call format hooks when generating page previews, thus fixing toc display there, as well as fixing inlins to again display in page previews, since it's started using format hooks. This also allows several other things, like embed, that use format hooks, to work during page preview time. * Format hooks should not rely on getting an entire html document, as they will only get the body during page preview. * toggle: Deal with preview mode when adding javascript.
2008-06-04Pass a destpage parameter to the sanitize hook.Joey Hess
Because the search plugin needed it, also because it's one of the few plugins that didn't already have it. I also considered adding it to htmlize, but I really cannot imagine caring what the destpage is when htmlizing. (I'll probably be poven wrong later.)