summaryrefslogtreecommitdiff
path: root/IkiWiki
AgeCommit message (Collapse)Author
2008-06-04move indexing to sanitize hookJoey Hess
I think this will give better results overall. I made %IkiWiki::preprocessing accessible and used it to avoid indexing at unnecessary points.
2008-06-04more search improvementsJoey Hess
2008-06-04more substr fixesJoey Hess
2008-06-04Filter hooks are no longer called during the scan phase. This will prevent ↵Joey Hess
wikilinks added by filters from being scanned properly. But no known filter hook does that, and calling filters unncessarily during scan slowed down complex filters such as the one used to update the xapian index.
2008-06-03add a colon to disambiguateJoey Hess
The omega docs suggest doing this if the term may contain upper case, which it could here.
2008-06-03avoid warningJoey Hess
"substr outside of string"
2008-06-03use "U" termJoey Hess
this seems to be the thing to use for a unique id
2008-06-03don't loop foreverJoey Hess
2008-06-03fixed most of the xapian todosJoey Hess
2008-06-03prettify page names, and drop the redunadant url displayJoey Hess
2008-06-03fix toindexJoey Hess
2008-06-03first pass at doing xapian indexingJoey Hess
Still some TODOs to fill in.
2008-06-03search: Converted to use xapian-omega.Joey Hess
Everything is done except for the actual indexing. I plan to do incremental indexing as pages change.
2008-05-31inline: The optimisation in 2.41 broke nested inlines. Detect those and ↵Joey Hess
avoid overoptimising.
2008-05-30haiku: Generate valid xhtml.Joey Hess
2008-05-30hashed password support, and empty password security fixJoey Hess
This implements the previously documented hashed password support. While implementing that, I noticed a security hole, which this commit also fixes..
2008-05-29teximg: If the log isn't written, avoid ugly error messages.Joey Hess
2008-05-29teximg: Fix logurl.Joey Hess
2008-05-28When calling decode_utf8 on known-problimatic content in aggregate, ↵Joey Hess
explicitly pass 0 (FB_DEFAULT) as the second parameter. Apparently perl 5.8 needs this to avoid crashing on malformed utf-8, despite its docs saying it is the default.
2008-05-25Avoid ``uninitialized value'' warning when there actually is no difference ↵Thomas Schwinge
between the two versions.
2008-05-21Perls older than 5.10 need to use the old method of decoding utf-8 in CGI ↵Joey Hess
values. Neither method will work for all versions of perl, so check version number at runtime.
2008-05-21display an error message if CGI::Session fails to loadJoey Hess
2008-05-15git: Skip over signed-off-by and similar lines in commit messages when ↵Joey Hess
generating recentchanges.
2008-05-15inline: Display a message if the 'pages' parameter is missing, before it ↵Joey Hess
just expanded to nothing.
2008-05-15orphans: As a special case, the toplevel index page is never considered an ↵Joey Hess
orphaned page.
2008-05-13mdwn: Add a multimarkdown setup file option.Joey Hess
2008-05-12Fixes for behavior changes in perl 5.10's CGIJoey Hess
Something has changed in CGI.pm in perl 5.10. It used to not care if STDIN was opened using :utf8, but now it'll mis-encode utf-8 values when used that way by ikiwiki. Now I have to binmode(STDIN) before instantiating the CGI object. In 57bba4dac132a06729eeec809f5e1a5adf829806, I changed from decoding CGI::Formbuilder fields to utf-8, to decoding cgi parameters before setting up the form object. As of perl 5.10, that approach no longer has any effect (reason unknown). To get correctly encoded values in FormBuilder forms, they must once again be decoded after the form is set up. As noted in 57bba4da, this can cause one set of problems for formbuilder_setup hooks if decode_form_utf8 is called before the hooks, and a different set if it's called after. To avoid both sets of problems, call it both before and after. (Only remaining problem is the sheer ugliness and inefficiency of that..) I think that these changes will also work with older perl versions, but I haven't checked. Also, in the case of the poll plugin, the cgi parameter needs to be explcitly decoded before it is used to handle utf-8 values. (This may have always been broken, not sure if it's related to perl 5.10 or not.)
2008-05-08paste-oJoey Hess
2008-05-08add --delete-bucket optionJoey Hess
2008-05-08load plugins before printing messagesJoey Hess
This allows plugins to getopt and change what is done before an incorrect line is printed.
2008-05-08amazon s3 index file improvementsJoey Hess
Turns out duplicate index files do not need to be stored when usedirs is in use, just when it's not. Ikiwiki is quite consistent about using page/ when usedirs is in use. (The only exception is the search plugin, which needs fixing.) This also includes significant code cleanup, removal of a incorrect special case for empty files, and addition of a workaround for a bug in the amazon perl module.
2008-05-08simplify key determination codeJoey Hess
2008-05-07remove debuggingJoey Hess
2008-05-07implemented pruning, s3 support now complete-ishJoey Hess
2008-05-07forgot to add..Joey Hess
2008-05-07amazon s3 support implemented and kinda workingJoey Hess
pruning not yet implemented, however
2008-05-07Optimised file statting code when scanning for modified pages; cut the ↵Joey Hess
number of system calls in half. (Still room for improvement.)
2008-05-06pinger/pingee now tested and workingJoey Hess
2008-05-06POSIX::setsid is not exported per defaultJoey Hess
2008-05-05aggregate: Add support for web-based triggering of aggregation for people ↵Joey Hess
stuck on shared hosting without cron. (Sheesh.) Enabled via the `aggregate_webtrigger` configuration optiom.
2008-05-02git: Put -- before the filename when calling git rev-list to avoid warning ↵Joey Hess
message when the file doesn't exist.
2008-05-02Fix ugly display when editing a page that has vanished.Joey Hess
srcfile now has an optional second parameter to avoid it throwing an error if the source file does not exist.
2008-05-02avoid uninitialised valueJoey Hess
2008-05-01anonk: Add anonok_pagespec configuration setting that can be used to allow ↵Joey Hess
anonymous users to edit only matching pages. Closes: #478892
2008-04-30img: Support a title attribute, will be passed through to html. Closes: #478718Joey Hess
2008-04-26toc: Add the table of contents at sanitize time, rather than at format time. ↵Joey Hess
This allows the toc to be displayed when previewing an edit. It also avoids headers in the page template from showing up in the toc.
2008-04-10Use bzr --quiet to avoid it outputting stuff and messing up http headers. ↵Joey Hess
(Scott Bronson)
2008-04-10Fix broken rcs_update for bzr. (Scott Bronson)Joey Hess
2008-04-10Fix CSRF attacks against the preferences and edit forms. Closes: #475445Joey Hess
The fix involved embedding the session id in the forms, and not allowing the forms to be submitted if the embedded id does not match the session id. In the case of the preferences form, if the session id is not embedded, then the CGI parameters are cleared. This avoids a secondary attack where the link to the preferences form prefills password or other fields, and the user hits "submit" without noticing these prefilled values. In the case of the editpage form, the anonok plugin can allow anyone to edit, and so I chose not to guard against CSRF attacks against users who are not logged in. Otherwise, it also embeds the session id and checks it. For page editing, I assume that the user will notice if content or commit message is changed because of CGI parameters, and won't blndly hit save page. So I didn't block those CGI paramters. (It's even possible to use those CGI parameters, for good, not for evil, I guess..) The only other CSRF attack I can think of in ikiwiki involves the poll plugin. It's certianly possible to set up a link that causes the user to unknowingly vote in a poll. However, the poll plugin is not intended to be used for things that people would want to attack, since anyone can after all edit the poll page and fill in any values they like. So this "attack" is ignorable.
2008-04-03need to handle urls to images the sameJoey Hess
Also, simplified finding the url to the top of the site.