path: root/IkiWiki/Plugin
Age | Commit message | Author
2010-04-02 | htmlscrubber: Allow colons in url fragments after '?' | Joey Hess
Colons are not allowed at the start of urls, because it can be interpreted as a protocol, and allowing arbitrary protocols can be unsafe (CVE-2008-0809). However, this check was too restrictive, not allowing use of eg, "video.ogv?t=0:03:00/0:04:00" to seek to a given place in a video, or "somecgi?foo=bar:baz" to pass parameters with colons. It's still not allowed to have a filename with a colon in it (ie "foo:bar.png") -- to link to such a file, a fully qualified url must be used.
2010-03-26 | fix the other half of the filecheck filename bug | Joey Hess
2010-03-25 | Reimplement extensible sorting mechanisms, in the same way as pagespecs | Simon McVittie
2010-03-25 | filecheck: Fix bug that prevented the pagespecs from matching when not called by attachment plugin. | Joey Hess
2010-03-25 | remove a few leftover manual folding indicators | Joey Hess
2010-03-24 | fix back-compat with old Net::OpenID | Joey Hess
Debian stable's Net::OpenID does not support getting extension fields.
2010-03-24 | Add an optional "sort" argument to meta titles, defaulting to the title | Simon McVittie
This allows correct sorting of titles, names, etc., with:
[[!meta title="David Bowie" sort="Bowie, David"]]
[[!meta title="The Beatles" sort="Beatles, The"]]
2010-03-24 | Have the meta plugin add a meta_title sort order | Simon McVittie
2010-03-19 | whitespace | Joey Hess
2010-03-19 | audited use POSIX | Joey Hess
The POSIX perl module exports a huge number of functions by default, so make sure all imports are qualified. (And remove one that was not necessary.)
2010-03-13 | openid: Use Openid Simple Registration or OpenID Attribute Exchange to get the user's email address and username. | Joey Hess
The info is stored in the session database, not the user database. There should be no reason to need it when a user is not logged in. Also, hide the email field in the preferences page for openid users. Note that the email and username are not yet actually used for anything. The email will be useful for gravatar, while the username might be used for a more pretty display of the openid.
2010-03-13 | websetup: Add websetup_unsafe to allow marking other settings as unsafe. | Joey Hess
2010-03-12 | typo | Joey Hess
2010-03-12 | htmlscrubber: Security fix: In data:image/* uris, only allow a few whitelisted image types. No svg. | Joey Hess
2010-03-11 | search: Avoid '$' in the wikiname appearing unescaped on omega's query template, where it might crash omega. | Joey Hess
Really, a more general fix, this deals with any $ that might appear on the misctemplate.
2010-03-11 | moderatedcomments: Added moderate_pagespec | Joey Hess
* moderatedcomments: Added moderate_pagespec that can be used to control which users or comment locations are moderated. This can be used, just for example, to moderate http://myopenid.com/* if you're getting a lot of spammers from one particular openid provider (who should perhaps answer your emails about them), while not moderating other users.
* moderatedcomments: The moderate_users setting is deprecated. Instead, set moderate_pagespec to "!admin()" or "user(*)" instead.
2010-03-09 | typo | Joey Hess
2010-03-09 | Fix utf8 issues in calls to md5_hex. | Joey Hess
This prevented comments containing some utf-8, including euro sign, from being submitted. Since md5_hex is a C implementation, the string has to be converted from perl's internal encoding to utf-8 when it is called. Some utf-8 happened to work before, apparently by accident.
Note that this will change the checksums returned.
unique_comment_location is only used when posting comments, so the checksum does not need to be stable there.
I only changed page_to_id for completeness; it is passed a comment page name, and they can currently never contain utf-8.
In teximg, the bug could perhaps be triggered if the tex source contained utf-8. If that happens, the checksum will change, and some extra work might be performed on upgrade to rebuild the image.
2010-02-24 | catch failure to open the filetypes file | Joey Hess
2010-02-14 | comments: Display number of comments in comment action link. | Joey Hess
This was not doable before, but when I added transitive dependency handling in the big dependency rewrite, it became possible to include a comment count when inlining. This also improves the action link when a page has no comments. It will link direct to the cgi to allow posting the first comment. And if the page is locked to prevent posting new comments, the link is no longer shown.
2010-02-14 | minor refactor/optimisation | Joey Hess
2010-02-12 | setup file ordering | Joey Hess
2010-02-12 | add section information | Joey Hess
2010-02-12 | remove unnecessary IkiWiki:: | Joey Hess
2010-02-12 | format plugin categorization | Joey Hess
2010-02-12 | improve websetup fieldset display | Joey Hess
to handle sections
2010-02-11 | fix websetup display of unsafe arrays in expert mode | Joey Hess
2010-02-11 | Group related plugins into sections in the setup file, and drop unused rcs plugins from the setup file. | Joey Hess
2010-02-11 | reorder canedit checks during page creation to have best_loc first | Joey Hess
When creating a page, multiple locations are tested to see if they can be edited. If all fail, one of the failure subs is called, to log the user in to allow them to proceed with the edit. So far so good.
But, what if some pages fail for one reason, and some for another? This occurs when httpauth_pagespec is used in conjunction with signinedit (and openid or something). When the user is not signed in at all, the former will fail to edit a page because the user was not httpauthed. The latter will fail to edit a different page, because the user was not signed in. One of their failure methods gets to run first.
The page creation code always ran the failure method corresponding to the topmost page location. So, when editing a foo/Discussion page, and with httpauth_pagespec => "*!/Discussion", it ran the httpauth failure method, which was exactly the wrong thing to do.
I fixed this by making it instead run the failure method for the *best* page location. In the above example, that's foo/Discussion, so signinedit runs, as desired, and we get the signin page. This seems like it will be the right choice, or at least an acceptable choice. If a user wants to use httpauth they can always choose it on the signin page.
2010-02-11 | partially fix httpauth canedit hook | Joey Hess
My logic was right before. Cleaned up some code. (Page creation is still a problem.) Also, I removed the Edit url munging, because that is not necessary with the canedit hook, since canedit will handle redirection through cgiauthurl if necessary.
2010-02-11 | fix logic error | Joey Hess
2010-02-11 | httpauth: Add httpauth_pagespec setting that can be used to limit pages to only being edited via users authed with httpauth. | Joey Hess
2010-02-11 | httpauth: When cgiauthurl is configured, httpauth can now be used alongside other authentication methods (like openid or anonok). | Joey Hess
Rather than always redirect to the cgiauthurl for authentication, there is now a button on the login form to use it.
2010-02-11 | patch so far | Joey Hess
2010-02-09 | amazon_s3: Fix to support the EU S3 datacenter, which is more picky about attempts to create already existing buckets. | Joey Hess
2010-02-06 | Fix color and format plugins to appear in the websetup interface. | Joey Hess
2010-02-06 | opendiscussion: This plugin will also now allow posting comments | Joey Hess
to otherwise locked-down sites.
2010-02-06 | ensure opendiscussion hook is always called before lockedit | Joey Hess
This was only ordered ok due to luck before.
2010-02-05 | revert accidental code change | Joey Hess
2010-02-05 | response | Joey Hess
2010-02-04 | factor out a userpage function | Joey Hess
Not yet exported, as only 4 quite core plugins use it.
2010-02-04 | Add link to userpage (or creation link) to top of preferences page. | Joey Hess
2010-02-04 | typo | Joey Hess
2010-02-04 | Improve display of openid in preferences page. | Joey Hess
Now that openiduser is in IkiWiki core, it's ok to have passwordauth check for it, and avoid displaying useless password fields when showing preferences for an openid. Also improved the styling of the display of the openid in the preferences page.
2010-02-04 | Allow jumping directly into account registration process by going to ikiwiki.cgi?do=register | Joey Hess
2010-02-02 | Export add_autofile() for use in Plugins. | David Riebenbauer
2010-02-02 | Use add_autofile() in tag.pm | David Riebenbauer
to make the automatically created tagpages render.
2010-02-02 | Automatically create tag pages, | David Riebenbauer
if "tag_autocreate=1" is set in the configuration. The pages will be created in tagbase, if and only if they do not exist in the srcdir yet. Tag pages will be created from "autotag.tmpl". At this stage a second refresh is needed for the tag pages to be rendered. Add autotag.tmpl template.
2010-01-28 | img: Fix a bug that could taint @links with undef values. | Joey Hess
2010-01-26 | template: Preprocess parameters before htmlizing. | Joey Hess
Consider a template like:
[[!template type=note text="""
[[!inline pages="*foo*"]]
"""]]
The text parameter is htmlized before being passed into the template (in case the template wraps it in a <span> that prevents markdown from htmlizing it later). But, when markdown sees "*foo*", it turns that into <em>foo</em>. Later, when preprocessing the inline directive, that leads to surprising results.
To fix this, I made template parameters be preprocessed (and filtered) before being htmlized.
Note that I left in the preprocessing (and filtering) of the template output at the end. That's still relevant when the template itself contains preprocessor directives.