summaryrefslogtreecommitdiff
path: root/IkiWiki/Plugin
AgeCommit message (Collapse)Author
2010-04-06HTML-encode meta title, description, guid on output, but not in the pagestateSimon McVittie
This makes them consistent with the rest of the meta keys. A wiki rebuild will be needed on upgrade to this version; until the wiki is rebuilt, double-escaping will occur in the titles of pages that have not changed.
2010-04-05txt: Add a special case for robots.txt.Joey Hess
2010-04-05comments: Fix missing entity encoding in title.Joey Hess
The meta title data set by comments needs to be encoded the same way that meta encodes it. (NB The security implications of the missing encoding are small.) Note that meta's encoding of title, description, and guid data, and not other data, is probably a special case that should be removed. Instead, these values should be encoded when used. I have avoided doing so here because that would mean forcing a wiki rebuild on upgrade to have the data consitently encoded.
2010-04-04fix test suiteJoey Hess
2010-04-04more idiomatic perlJoey Hess
2010-04-04rename hash and avoid unnecessary hash refJoey Hess
Variable renamed to be a bit more self-explanatory. Probably more idiomatic perl to not use a hash ref when a hash can be used.
2010-04-04fix indentation & whitespaceJoey Hess
2010-04-04Fix bzr plugin to work with bzr 2.0.Lars Wirzenius
The output of "bzr log" seems to have changed a bit, so we change the parsing accordingly. This has not been tested with earlier versions of bzr. Several problems seemed to occur, all in the bzr_log subroutine: 1. The @infos list would contain an empty hash, which would confuse the rest of the program. 2. This was because bzr_log would push an empty anonymous hash to the list whenever it thought a new record would start. 3. However, a new record marker (now?) also happens at th end of bzr log output. 4. Now we collect the record to a hash that gets pushed to the list only if it is not empty. 5. Also, sometimes bzr log outputs "revno: 1234 [merge]", so we catch only the revision number. 6. Finally, there may be non-headers at the of the output, so we ignore those.
2010-04-02qualify template_fileJoey Hess
2010-04-02template: Search for templates in the templatedir, if they are not found as ↵Joey Hess
pages in the wiki.
2010-04-02htmlscrubber: Allow colons in url fragments after '?'Joey Hess
Colons are not allowed at the start of urls, because it can be interpreted as a protocol, and allowing arbitrary protocols can be unsafe (CVE-2008-0809). However, this check was too restrictive, not allowing use of eg, "video.ogv?t=0:03:00/0:04:00" to seek to a given place in a video, or "somecgi?foo=bar:baz" to pass parameters with colons. It's still not allowed to have a filename with a colon in it (ie "foo:bar.png") -- to link to such a file, a fully qualified url must be used.
2010-03-26fix the other half of the filecheck filename bugJoey Hess
2010-03-25filecheck: Fix bug that prevented the pagespecs from matching when not ↵Joey Hess
called by attachment plugin.
2010-03-25remove a few leftover manual folding indicatorsJoey Hess
2010-03-24fix back-compat with old Net::OpenIDJoey Hess
Debian stable's Net::OpenID does not support getting extension fields.
2010-03-19whitespaceJoey Hess
2010-03-19audited use POSIXJoey Hess
The POSIX perl module exports a huge number of functions by default, so make sure all imports are qualified. (And remove one that was not necessary.)
2010-03-13openid: Use Openid Simple Registration or OpenID Attribute Exchange to get ↵Joey Hess
the user's email address and username. The info is stored in the session database, not the user database. There should be no reason to need it when a user is not logged in. Also, hide the email field in the preferences page for openid users. Note that the email and username are not yet actually used for anything. The email will be useful for gravatar, while the username might be used for a more pretty display of the openid.
2010-03-13websetup: Add websetup_unsafe to allow marking other settings as unsafe.Joey Hess
2010-03-12typoJoey Hess
2010-03-12htmlscrubber: Security fix: In data:image/* uris, only allow a few ↵Joey Hess
whitelisted image types. No svg.
2010-03-11search: Avoid '$' in the wikiname appearing unescaped on omega's query ↵Joey Hess
template, where it might crash omega. Really, a more general fix, this deals with any $ that might appear on the misctemplate.
2010-03-11moderatedcomments: Added moderate_pagespecJoey Hess
* moderatedcomments: Added moderate_pagespec that can be used to control which users or comment locations are moderated. This can be used, just for example, to moderate http://myopenid.com/* if you're getting a lot of spammers from one particular openid provider (who should perhaps answer your emails about them), while not moderating other users. * moderatedcomments: The moderate_users setting is deprecated. Instead, set moderate_pagespec to "!admin()" or "user(*)" instead.
2010-03-09typoJoey Hess
2010-03-09Fix utf8 issues in calls to md5_hex.Joey Hess
This prevented comments containing some utf-8, including euro sign, from being submitted. Since md5_hex is a C implementation, the string has to be converted from perl's internal encoding to utf-8 when it is called. Some utf-8 happened to work before, apparently by accident. Note that this will change the checksums returned. unique_comment_location is only used when posting comments, so the checksum does not need to be stable there. I only changed page_to_id for completeness; it is passed a comment page name, and they can currently never contain utf-8. In teximg, the bug could perhaps be triggered if the tex source contained utf-8. If that happens, the checksum will change, and some extra work might be performed on upgrade to rebuild the image.
2010-02-24catch failure to open the filetypes fileJoey Hess
2010-02-14comments: Display number of comments in comment action link.Joey Hess
This was not doable before, but when I added transitive dependency handling in the big dependency rewrite, it became possible to include a comment count when inlining. This also improves the action link when a page has no comments. It will link direct to the cgi to allow posting the first comment. And if the page is locked to prevent posting new comments, the link is no longer shown.
2010-02-14minor refactor/optimisationJoey Hess
2010-02-12setup file orderingJoey Hess
2010-02-12add section informationJoey Hess
2010-02-12remove unnecessary IkiWiki::Joey Hess
2010-02-12format plugin categorizationJoey Hess
2010-02-12improve websetup fieldset displayJoey Hess
to handle sections
2010-02-11fix websetup display of unsafe arrays in expert modeJoey Hess
2010-02-11Group related plugins into sections in the setup file, and drop unused rcs ↵Joey Hess
plugins from the setup file.
2010-02-11reorder canedit checks during page creation to have best_loc firstJoey Hess
When creating a page, multiple locations are tested to see if they can be edited. If all fail, one of the failure subs is called, to log the user in to allow them to proceed with the edit. So far so good. But, what if some pages fail for one reason, and some for another? This occurs when httpauth_pagespec is used in conjunction with signinedit (and openid or something). When the user is not signed in at all The former will fail to edit a page because the user was not httpauthed. The latter will fail to edit a different page, because the user was not signed in. One of their failure methods gets to run first. The page creation code always ran the failure method corresponding to the topmost page location. So, when editing a foo/Discussion page, and with httpauth_pagespec => "*!/Discussion", it ran the httpauth failure method, which was exactly the wrong thing to do. I fixed this by making it instead run the failure method for the *best* page location. In the above example, that's foo/Discussion, so signinedit runs, as desired, and we get the signin page. This seems like it will be the right choice, or at least an acceptable choice. If a user wants to use httpauth they can always choose it on the signin page.
2010-02-11partially fix httpauth canedit hookJoey Hess
My logic was right before. Cleaned up some code. (Page creation is still a problem.) Also, I removed the Edit url munging, because that is not necessary with the canedit hook, since canedit will handle redirection through cgiauthurl if necessary.
2010-02-11fix logic errorJoey Hess
2010-02-11httpauth: Add httpauth_pagespec setting that can be used to limit pages to ↵Joey Hess
only being edited via users authed with httpauth.
2010-02-11httpauth: When cgiauthurl is configured, httpauth can now be used alongside ↵Joey Hess
other authentication methods (like openid or anonok). Rather than always redirect to the cgiauthurl for authentication, there is now a button on the login form to use it.
2010-02-11patch so farJoey Hess
2010-02-09amazon_s3: Fix to support the EU S3 datacenter, which is more picky about ↵Joey Hess
attempts to create already existing buckets.
2010-02-06Fix color and format plugins to appear in the websetup interface.Joey Hess
2010-02-06opendiscussion: This plugin will also now allow posting commentsJoey Hess
to otherwise locked-down sites.
2010-02-06ensure opendiscussion hook is always called before lockeditJoey Hess
This was only ordered ok due to luck before.
2010-02-05revert accidental code changeJoey Hess
2010-02-05responseJoey Hess
2010-02-04factor out a userpage functionJoey Hess
Not yet exported, as only 4 quite core plugins use it.
2010-02-04Add link to userpage (or creation link) to top of preferences page.Joey Hess
2010-02-04typoJoey Hess