summaryrefslogtreecommitdiff
path: root/IkiWiki
AgeCommit message (Collapse)Author
2010-03-12htmlscrubber: Security fix: In data:image/* uris, only allow a few ↵Joey Hess
whitelisted image types. No svg.
2010-03-11search: Avoid '$' in the wikiname appearing unescaped on omega's query ↵Joey Hess
template, where it might crash omega. Really, a more general fix, this deals with any $ that might appear on the misctemplate.
2010-03-11moderatedcomments: Added moderate_pagespecJoey Hess
* moderatedcomments: Added moderate_pagespec that can be used to control which users or comment locations are moderated. This can be used, just for example, to moderate http://myopenid.com/* if you're getting a lot of spammers from one particular openid provider (who should perhaps answer your emails about them), while not moderating other users. * moderatedcomments: The moderate_users setting is deprecated. Instead, set moderate_pagespec to "!admin()" or "user(*)" instead.
2010-03-09typoJoey Hess
2010-03-09Fix utf8 issues in calls to md5_hex.Joey Hess
This prevented comments containing some utf-8, including euro sign, from being submitted. Since md5_hex is a C implementation, the string has to be converted from perl's internal encoding to utf-8 when it is called. Some utf-8 happened to work before, apparently by accident. Note that this will change the checksums returned. unique_comment_location is only used when posting comments, so the checksum does not need to be stable there. I only changed page_to_id for completeness; it is passed a comment page name, and they can currently never contain utf-8. In teximg, the bug could perhaps be triggered if the tex source contained utf-8. If that happens, the checksum will change, and some extra work might be performed on upgrade to rebuild the image.
2010-02-28Add new --clean option; this makes ikiwiki remove all built files in the ↵Joey Hess
destdir, as well as wrappers and the .ikiwiki directory.
2010-02-27Fix admin openid detection in setup automator, and avoid prompting for a ↵Joey Hess
password.
2010-02-27Add force_overwrite setting to make setup automator overwrite existing ↵Joey Hess
files/directories. This can be useful if you're driving the setup automator from another program.
2010-02-24catch failure to open the filetypes fileJoey Hess
2010-02-14comments: Display number of comments in comment action link.Joey Hess
This was not doable before, but when I added transitive dependency handling in the big dependency rewrite, it became possible to include a comment count when inlining. This also improves the action link when a page has no comments. It will link direct to the cgi to allow posting the first comment. And if the page is locked to prevent posting new comments, the link is no longer shown.
2010-02-14minor refactor/optimisationJoey Hess
2010-02-12setup file orderingJoey Hess
2010-02-12add section informationJoey Hess
2010-02-12formatting sillynessJoey Hess
2010-02-12remove unnecessary IkiWiki::Joey Hess
2010-02-12bordersJoey Hess
2010-02-12format plugin categorizationJoey Hess
2010-02-12add plugin section, and show which plugins need no configurationJoey Hess
2010-02-12rewordJoey Hess
2010-02-12improve websetup fieldset displayJoey Hess
to handle sections
2010-02-11fix websetup display of unsafe arrays in expert modeJoey Hess
2010-02-11Group related plugins into sections in the setup file, and drop unused rcs ↵Joey Hess
plugins from the setup file.
2010-02-11reorder canedit checks during page creation to have best_loc firstJoey Hess
When creating a page, multiple locations are tested to see if they can be edited. If all fail, one of the failure subs is called, to log the user in to allow them to proceed with the edit. So far so good. But, what if some pages fail for one reason, and some for another? This occurs when httpauth_pagespec is used in conjunction with signinedit (and openid or something). When the user is not signed in at all The former will fail to edit a page because the user was not httpauthed. The latter will fail to edit a different page, because the user was not signed in. One of their failure methods gets to run first. The page creation code always ran the failure method corresponding to the topmost page location. So, when editing a foo/Discussion page, and with httpauth_pagespec => "*!/Discussion", it ran the httpauth failure method, which was exactly the wrong thing to do. I fixed this by making it instead run the failure method for the *best* page location. In the above example, that's foo/Discussion, so signinedit runs, as desired, and we get the signin page. This seems like it will be the right choice, or at least an acceptable choice. If a user wants to use httpauth they can always choose it on the signin page.
2010-02-11partially fix httpauth canedit hookJoey Hess
My logic was right before. Cleaned up some code. (Page creation is still a problem.) Also, I removed the Edit url munging, because that is not necessary with the canedit hook, since canedit will handle redirection through cgiauthurl if necessary.
2010-02-11fix logic errorJoey Hess
2010-02-11httpauth: Add httpauth_pagespec setting that can be used to limit pages to ↵Joey Hess
only being edited via users authed with httpauth.
2010-02-11httpauth: When cgiauthurl is configured, httpauth can now be used alongside ↵Joey Hess
other authentication methods (like openid or anonok). Rather than always redirect to the cgiauthurl for authentication, there is now a button on the login form to use it.
2010-02-11patch so farJoey Hess
2010-02-09amazon_s3: Fix to support the EU S3 datacenter, which is more picky about ↵Joey Hess
attempts to create already existing buckets.
2010-02-06Fix color and format plugins to appear in the websetup interface.Joey Hess
2010-02-06opendiscussion: This plugin will also now allow posting commentsJoey Hess
to otherwise locked-down sites.
2010-02-06ensure opendiscussion hook is always called before lockeditJoey Hess
This was only ordered ok due to luck before.
2010-02-05revert accidental code changeJoey Hess
2010-02-05responseJoey Hess
2010-02-04factor out a userpage functionJoey Hess
Not yet exported, as only 4 quite core plugins use it.
2010-02-04Add link to userpage (or creation link) to top of preferences page.Joey Hess
2010-02-04typoJoey Hess
2010-02-04Improve display of openid in preferences page.Joey Hess
Now that openiduser is in IkiWiki core, it's ok to have passwordauth check for it, and avoid displaying useless password fields when showing preferences for an openid. Also improved the styling of the display of the openid in the preferneces page.
2010-02-04Allow jumping directly into account registration process by going to ↵Joey Hess
ikiwiki.cgi?do=register
2010-02-03fix bugs in `find_src_files()`.David Riebenbauer
Use `_` to avoid superfluous stat. Check for `defined $file`, instead of just `$file`. Add spaces after commas. Change return values of `verify_src_file()` to not return the tainted filename. Rename `$f` to `$file_untainted in `verify_src_file()`. $f changes to `$file` in `find_src_files()`. This attempts to fix commit f3abeac919c4736429bd3362af6edf51ede8e7fe. For discussion see <http://ikiwiki.info/todo/auto-create_tag_pages_according_to_a_template/>
2010-02-02Export add_autofile() for use in Plugins.David Riebenbauer
2010-02-02Revert the effects of find_del_files() for (re)autoadded files.David Riebenbauer
This also means that if autoadded files are deleted they will just be recreated.
2010-02-02Use add_autofile() in tag.pmDavid Riebenbauer
to make the automatically created tagpages render.
2010-02-02Process files from @autofiles in refresh().David Riebenbauer
To make automatically added files render they have to be added to the $files, $pages, $new, and $changed variables. After that scan() is called on them.
2010-02-02Automatically create tag pages,David Riebenbauer
if "tag_autocreate=1" is set in the configuration. The pages will be created in tagbase, if and only if they do not exist in the srcdir yet. Tag pages will be create from "autotag.tmpl". At this stage a second refresh is needed for the tag pages to be rendered. Add autotag.tmpl template.
2010-02-02Code deduplication fin find_src_files()David Riebenbauer
This also has the advantage that I can use the resulting new function elsewhere.
2010-02-01setup automator: Configure Term::Readline to use bold for prompt, rather ↵Joey Hess
than default underline. Closes: #517656
2010-01-28img: Fix a bug that could taint @links with undef values.Joey Hess
2010-01-26template: Preprocess parameters before htmlizing.Joey Hess
Consider a template like: [[!template type=note text=""" [[!inline pages="*foo*"]] """]] The text parameter is htmlized before being passed into the template (in case the template wraps it in a <span> that prevents markdown from htmlizing it later). But, when markdown sees "*foo*", it turns that into <em>foo</em>. Later, when preprocessing the inline directive, that leads to suprising results. To fix this, I made template parameters be preprocessed (and filtered) before being htmlized. Note that I left in the preprocessing (and filtering) of the template output at the end. That's still relevant when the template itself contains preprocessor directives.
2010-01-21po: avoid crash when page is emptyJoey Hess
Note that there is an associated po4a warning when a page is empty: Use of uninitialized value $file in substitution (s///) at /usr/share/perl5/Locale/Po4a/Text.pm line 205. I've filed a bug with po4a about that, but the important thing is fixing the crash here.