summaryrefslogtreecommitdiff
path: root/IkiWiki
AgeCommit message (Collapse)Author
2010-07-04further sanitize nickname charactersJoey Hess
2010-07-04po: added support for html pagetypeintrigeri
... after having audited the po4a Xml and Xhtml modules for security issues. Signed-off-by: intrigeri <intrigeri@boum.org> (cherry picked from commit a128c256a51392fcf752bf612d83a90e8c68027e)
2010-07-04po: s/utf-8/UTF-8, to solve part of the double commit bug.intrigeri
(cherry picked from commit 4f44534d72c9a9a947bc38a3cb4987705c25bea5)
2010-07-04remove unnecessary and troublesome filter callsJoey Hess
This better defines what the filter hook is passed, to only be the raw, complete text of a page. Not some snippet, or data read in from an unrelated template. Several plugins that filtered text that originates from an (already filtered) page were modified not to do that. Note that this was not done very consistently before; other plugins that receive text from a page called preprocess on it w/o first calling filter. The template plugin gets text from elsewhere, and was also changed not to filter it. That leads to one known regression -- the embed plugin cannot be used to embed stuff in templates now. But that plugin is deprecated anyway. Later we may want to increase the coverage of what is filtered. Perhaps a good goal would be to allow writing a filter plugin that filters out unwanted words, from any input. We're not there yet; not only does the template plugin load unfiltered text from its templates now, but so can the table plugin, and other plugins that use templates (like inline!). I think we can cross that bridge when we come to it. If I wanted such a censoring plugin, I'd probably make it use a sanitize hook instead, for the better coverage. For now I am concentrating on the needs of the two non-deprecated users of filter. This should fix bugs/po_vs_templates, and it probably fixes an obscure bug around txt's use of filter for robots.txt.
2010-07-04review of needstranslation() pagespecJoey Hess
Minor wording fix; changelog; etc.
2010-07-04po: added a needstranslation() pagespecintrigeri
(cherry picked from commit b225fdc44d4b3d2853db622d59aed7b59788aeec)
2010-07-02bugfixintrigeri
2010-07-01git: Added git_wrapper_background_command option. Can be used to eg, make ↵Joey Hess
the git wrapper push to github in the background after ikiwiki runs.
2010-06-29Merge remote branch 'upstream/master' into prv/pointrigeri
Conflicts: doc/plugins/po.mdwn
2010-06-29po: added a needstranslation() pagespecintrigeri
2010-06-29Add a fullpage arg to filter.intrigeri
Set it to true every time IkiWiki::filter is called on a full page's content. This is a much nicer solution, for the po plugin, than previous whitelisting using caller().
2010-06-27hnb: Fixed broken use of mkstemp that had caused dangling temp files, and ↵Joey Hess
prevented actually rendering hnb files.
2010-06-26po: s/utf-8/UTF-8, to solve part of the double commit bug.intrigeri
2010-06-26po_slave_languages can now be a hash, if order matters.intrigeri
2010-06-25po: added support for html pagetypeintrigeri
... after having audited the po4a Xml and Xhtml modules for security issues. Signed-off-by: intrigeri <intrigeri@boum.org>
2010-06-25TODO++intrigeri
2010-06-25po: also filter sidebar translation pagesintrigeri
2010-06-25po: fix bug with translated pages including templatesintrigeri
The protection against processing loops (i.e. the alreadyfiltered stuff) was playing against us: the template plugin triggered a filter hooks run with the very same ($page, $destpage) arguments pair that we use to identify a already filtered page. Processing an included template could then mark the whole translation page as already filtered, which prevented po_to_markup to be called on the PO content. This commit only runs the whole PO filter logic when our filter hook is run by IkiWiki::render, which only happens when the full page needs to be filtered.
2010-06-25Merge remote branch 'upstream/master' into prv/pointrigeri
Conflicts: IkiWiki/Plugin/po.pm
2010-06-23chdir to srcdir in rcs_getctimeJoey Hess
2010-06-23bugfixJoey Hess
2010-06-23finializing openid nickname supportJoey Hess
Renamed usershort => nickname. Note that this means existing user login sessions will not have the nickname recorded, and so it won't be used for those.
2010-06-23git: Record the username from openid in the git author email. (This avoids ↵Joey Hess
display of ugly google openids.)
2010-06-23take username from email address as fallbackJoey Hess
2010-06-23rcs_getctime and rcs_getmtime take relative filenamesJoey Hess
There was some confusion about whether the filename was relative to srcdir or not. Some test cases, and the bzr plugin assumed it was relative to the srcdir. Most everything else assumed it was absolute. Changed it to relative, for consistency with the rest of the rcs_ functions.
2010-06-23rcs_commit and rcs_commit_staged api changesJoey Hess
Using named parameters for these is overdue. Passing the session in a parameter instead of passing username and IP separately will later allow storing other session info, like username or part of the email. Note that these functions are not part of the exported API, and the prototype change will catch (most) skew, so I am not changing API versions. Any third-party plugins that call them will need updated though.
2010-06-23update for new rcs_commit_staged APIJoey Hess
In the process, lost the commits from special usernames when committing changed po files. Instead of trying to dummy up a session object for the special username, I just don't pass one, and the commit will appear to be from whatever user ikiwiki runs as.
2010-06-23stop using REMOTE_ADDRJoey Hess
Everywhere that REMOTE_ADDR was used, a session object is available, so instead use its remote_addr method. In IkiWiki::Receive, stop setting a dummy REMOTE_ADDR. Note that it's possible for a session cookie to be obtained using one IP address, and then used from another IP. In this case, the first IP will now be used. I think that should be ok.
2010-06-23API: rcs_commit and rcs_commit_staged are passed a new parameterJoey Hess
that may contain the username component of the email address of the user making the commit.
2010-06-23Add new optional field usershort to rcs_recentchanges.Joey Hess
Now the git plugin supports commits with author fields that look like: Author: http://my.openid/ <me@web> Then in recentchanges, the short username will be displayed, linking to the openid. Particularly useful for the horrible google openids, of course.
2010-06-23whitespaceJoey Hess
2010-06-23bugfix: record email-like links as page linksJoey Hess
This way, an email-like link will be a mailto until a matching page is created, then it will link to the page. And removing the page will convert it back to a mailto.
2010-06-23simplify anchor handlingJoey Hess
At least two bugfixes in here. First, an old bug; \[[foo#0]] was displayed as [[foo]], losing the anchor as the anchor text was false. Secondly, a new bug; an email like foo#bar@baz should not check bestlink("foo@baz").
2010-06-23avoid needing full email regexpJoey Hess
Fully validating the email address is not necessary, all that matters is not matching an url like http://foo@bar/ as an email address.
2010-06-19Enhance the link plugin to handle external links.Bernd Zeimetz
The following ways to create a link are supported now: [[url]] [[text|url]] url can be one of the following: - an internal wikilink: will be handled as before - any other kind of URL, including mailto: proper links will be created: <a href="url">url</a> <a href="url">text</a> - an email address: <a href="mailto:url">url</a> <a href="mailto:url">text</a>
2010-06-18store state to avoid needing to rebuild when changing themeJoey Hess
2010-06-18needsbuild hook is passed an array refJoey Hess
2010-06-18avoid shellingJoey Hess
2010-06-18mercurial: Fix buggy getctime code.Joey Hess
The file passed to rcs_getctime is already absolute, and it was trying to stick the srcdir on the front. Also, eliminated potentially unsafe shelling.
2010-06-17avoid dying if cannot chdir to an underlaydirJoey Hess
2010-06-16Merge branch 'themes'Joey Hess
2010-06-16force list contextJoey Hess
run_or_die returns a status code in scalar context
2010-06-16force rebuild for theme changeJoey Hess
For now, a rebuild is the only way to ensure the changed theme is used. Ikiwiki normally will not realize style.css has changed, since themes tend to have the same timestamp for the file.
2010-06-16add theme pluginJoey Hess
2010-06-16Encode not usedJoey Hess
2010-06-16attachment: Support Windows paths when taking basename of client-supplied ↵Joey Hess
file name.
2010-06-15git: Gix --gettime to properly support utf8 filenames.Joey Hess
In passing, fixed a bug where the srcdir was in a subdir of a repository named "0".
2010-06-15Make --gettime be honored after initial setup.Joey Hess
Bugfix in passing: New files not treated as such when no rcs is used.
2010-06-15fix other cases of unicode mixing issueJoey Hess
and fix underlaydir override attack guard when srcdir is non-absolute
2010-06-15Fix issues with combining unicode srcdirs and source files.Joey Hess
A short story: Once there was a unicode string, let's call him Srcdir. Along came a crufy old File::Find, who went through a tree and pasted each of the leaves in turn onto Srcdir. But this 90's relic didn't decode the leaves -- despite some of them using unicode! Poor Srcdir, with these leaves stuck on him, tainted them with his nice unicode-ness. They didn't look like leaves at all, but instead garbage. (In other words, perl's unicode support sucks mightily, and drives us all to drink and bad storytelling. But we knew that..) So, srcdir is not normally flagged as unicode, because typically it's pure ascii. And in that case, things work ok; File::Find finds filenames, which are not yet decoded to unicode, and appends them to the srcdir, and then decode_utf8 happily converts the whole thing. But, if the srcdir does contain utf8 characters, that breaks. Or, if a Yaml setup file is used, Yaml::Syck's implicitunicode sets the unicode flag of *all* strings, even those containing only ascii. In either case, srcdir has the unicode flag set; a non-decoded filename is appended, and the flag remains set; and decode_utf8 sees the flag and does *nothing*. The result is that the filename is not decoded, so looks valid and gets skipped. File::Find only sticks the directory and filenames together in no_chdir mode .. but we need that mode for security. In order to retain the security, and avoid the problem, I made it not pass srcdir to File::Find. Instead, chdir to the srcdir, and pass ".". Since "." is ascii, the problem is avoided. Note that chdir srcdir is safe because we check for symlinks in the srcdir path. Note that it takes care to chdir back to the starting location. Because the user may have specified relative paths and so staying in the srcdir might break. A relative path could even be specifed for an underlay dir, so it chdirs back after each.