Age | Commit message (Collapse) | Author |
|
Jon was worried about the backwards-compatibility break involved in making
tagged() not match non-tag links, but Joey seems less concerned about it.
|
|
|
|
The reason to do this is basically a user interaction design decision.
It is achieved by adding an entry, associated to the creating plugin, to
%pagestate. To find out if files were deleted a new global hash %del_hash is
%introduced.
|
|
add_autofile has to have checks, whether to create the file, anyway, so this
will make things more consistent.
Correcter check for the result of verify_src_file().
Cosmetic rename of a variable $addfile to $autofile.
|
|
Also rename cmpspec_translate (internal function) to sortspec_translate
for consistency.
|
|
|
|
|
|
pages in the wiki.
|
|
Colons are not allowed at the start of urls, because it can be interpreted
as a protocol, and allowing arbitrary protocols can be unsafe
(CVE-2008-0809). However, this check was too restrictive, not allowing
use of eg, "video.ogv?t=0:03:00/0:04:00" to seek to a given place in a
video, or "somecgi?foo=bar:baz" to pass parameters with colons.
It's still not allowed to have a filename with a colon in it (ie
"foo:bar.png") -- to link to such a file, a fully qualified url must be
used.
|
|
|
|
|
|
called by attachment plugin.
|
|
|
|
Debian stable's Net::OpenID does not support getting extension fields.
|
|
This allows correct sorting of titles, names, etc., with:
[[!meta title="David Bowie" sort="Bowie, David"]]
[[!meta title="The Beatles" sort="Beatles, The"]]
|
|
|
|
|
|
The POSIX perl module exports a huge number of functions by default, so
make sure all imports are qualified. (And remove one that was not
necessary.)
|
|
the user's email address and username.
The info is stored in the session database, not the user database.
There should be no reason to need it when a user is not logged in.
Also, hide the email field in the preferences page for openid users.
Note that the email and username are not yet actually used for anything.
The email will be useful for gravatar, while the username might be used
for a more pretty display of the openid.
|
|
|
|
|
|
whitelisted image types. No svg.
|
|
template, where it might crash omega.
Really, a more general fix, this deals with any $ that might appear on the
misctemplate.
|
|
* moderatedcomments: Added moderate_pagespec that can be used
to control which users or comment locations are moderated.
This can be used, just for example, to moderate http://myopenid.com/*
if you're getting a lot of spammers from one particular openid
provider (who should perhaps answer your emails about them),
while not moderating other users.
* moderatedcomments: The moderate_users setting is deprecated. Instead,
set moderate_pagespec to "!admin()" or "user(*)" instead.
|
|
|
|
This prevented comments containing some utf-8, including euro sign, from
being submitted. Since md5_hex is a C implementation, the string has to be
converted from perl's internal encoding to utf-8 when it is called. Some
utf-8 happened to work before, apparently by accident.
Note that this will change the checksums returned.
unique_comment_location is only used when posting comments, so the checksum
does not need to be stable there.
I only changed page_to_id for completeness; it is passed a comment page
name, and they can currently never contain utf-8.
In teximg, the bug could perhaps be triggered if the tex source contained
utf-8. If that happens, the checksum will change, and some extra work might
be performed on upgrade to rebuild the image.
|
|
|
|
This was not doable before, but when I added transitive dependency handling
in the big dependency rewrite, it became possible to include a comment
count when inlining.
This also improves the action link when a page has no comments. It will
link direct to the cgi to allow posting the first comment. And if the page
is locked to prevent posting new comments, the link is no longer shown.
|
|
|
|
|
|
|
|
|
|
|
|
to handle sections
|
|
|
|
plugins from the setup file.
|
|
When creating a page, multiple locations are tested to see if they can be
edited. If all fail, one of the failure subs is called, to log the user in
to allow them to proceed with the edit. So far so good.
But, what if some pages fail for one reason, and some for another? This
occurs when httpauth_pagespec is used in conjunction with signinedit (and
openid or something). When the user is not signed in at all
The former will fail to edit a page because the user was not httpauthed.
The latter will fail to edit a different page, because the user was not
signed in. One of their failure methods gets to run first.
The page creation code always ran the failure method corresponding to the
topmost page location. So, when editing a foo/Discussion page, and with
httpauth_pagespec => "*!/Discussion", it ran the httpauth failure method,
which was exactly the wrong thing to do.
I fixed this by making it instead run the failure method for the *best*
page location. In the above example, that's foo/Discussion, so signinedit
runs, as desired, and we get the signin page.
This seems like it will be the right choice, or at least an acceptable
choice. If a user wants to use httpauth they can always choose it on the
signin page.
|
|
My logic was right before. Cleaned up some code.
(Page creation is still a problem.)
Also, I removed the Edit url munging, because that is not
necessary with the canedit hook, since canedit will handle
redirection through cgiauthurl if necessary.
|
|
|
|
only being edited via users authed with httpauth.
|
|
other authentication methods (like openid or anonok). Rather than always redirect to the cgiauthurl for authentication, there is now a button on the login form to use it.
|
|
|
|
attempts to create already existing buckets.
|
|
|
|
to otherwise locked-down sites.
|
|
This was only ordered ok due to luck before.
|
|
|
|
|
|
Not yet exported, as only 4 quite core plugins use it.
|
|
|