path: root/debian/changelog
Age | Commit message | Author
2010-04-05 | txt: Add a special case for robots.txt. | Joey Hess
2010-04-05 | comments: Fix missing entity encoding in title. | Joey Hess
The meta title data set by comments needs to be encoded the same way that meta encodes it. (NB The security implications of the missing encoding are small.) Note that meta's encoding of title, description, and guid data, and not other data, is probably a special case that should be removed. Instead, these values should be encoded when used. I have avoided doing so here because that would mean forcing a wiki rebuild on upgrade to have the data consistently encoded.
2010-04-04 | changelog | Joey Hess
2010-04-03 | releasing version 3.20100403 | Joey Hess
2010-04-02 | template: Search for templates in the templatedir, if they are not found as ↵ | Joey Hess
pages in the wiki.
2010-04-02 | htmlscrubber: Allow colons in url fragments after '?' | Joey Hess
Colons are not allowed at the start of urls, because it can be interpreted as a protocol, and allowing arbitrary protocols can be unsafe (CVE-2008-0809). However, this check was too restrictive, not allowing use of eg, "video.ogv?t=0:03:00/0:04:00" to seek to a given place in a video, or "somecgi?foo=bar:baz" to pass parameters with colons. It's still not allowed to have a filename with a colon in it (ie "foo:bar.png") -- to link to such a file, a fully qualified url must be used.
2010-03-31 | page.tmpl: Add Cache-Control must-revalidate to ensure that users ↵ | Joey Hess
(especially of Firefox) see fresh page content. Since Firefox version 3, it's done aggressive caching of visited pages, and does not, by default, check if the cached content is still valid when reloading or revisiting a page. By default, Firefox seems to not re-contact the web server at all. Compare with eg, Epiphany and Chromium, which appear to always check, and get back a 304 when the page is unchanged. This header makes Firefox do the right thing, at least for html files. It still over-caches if css, javascript, images, etc, are changed.
2010-03-29 | update | Joey Hess
2010-03-28 | auto-blog.setup: Set tagbase by default, since most bloggers will want it. | Joey Hess
Also modified first_post page to use a tag format that will work whether or not tagbase is set.
2010-03-26 | Add preprocessed 'use lib' line to ikiwiki-transition and ikiwiki-calendar ↵ | Joey Hess
if necessary for unusual install.
2010-03-26 | Fix incorrect influence info returned by a failing link() pagespec, that ↵ | Joey Hess
could lead to bad dependency handling in certain situations.
2010-03-26 | fix the other half of the filecheck filename bug | Joey Hess
2010-03-25 | filecheck: Fix bug that prevented the pagespecs from matching when not ↵ | Joey Hess
called by attachment plugin.
2010-03-24 | use perl YAML for dumping | Joey Hess
Only it understands $YAML::UseHeader
2010-03-24 | Add --set-yaml switch for setting more complex config file options. | Joey Hess
2010-03-21 | reset setuptype first, actually | Joey Hess
so setup file can override default
2010-03-19 | Add support for setup files written in YAML. | Joey Hess
Not the default. (Yet?)
2010-03-18 | Allow wrappers to be built using tcc. | Joey Hess
2010-03-14 | Add an include setting, which can be used to make ikiwiki process wiki source ↵ | Joey Hess
files, such as .htaccess, that would normally be skipped for security or other reasons. Closes: #447267 (Thanks to Aaron Wilson for the original patch.)
2010-03-14 | Add complete German basewiki and directives translation done by Sebastian ↵ | Joey Hess
Kuhnert.
2010-03-13 | Improve openid url munging; do not display anchors and cgi parameters, as ↵ | Joey Hess
used by yahoo and google urls.
2010-03-13 | openid: Use Openid Simple Registration or OpenID Attribute Exchange to get ↵ | Joey Hess
the user's email address and username. The info is stored in the session database, not the user database. There should be no reason to need it when a user is not logged in. Also, hide the email field in the preferences page for openid users. Note that the email and username are not yet actually used for anything. The email will be useful for gravatar, while the username might be used for a more pretty display of the openid.
2010-03-13 | websetup: Add websetup_unsafe to allow marking other settings as unsafe. | Joey Hess
2010-03-12 | htmlscrubber: Security fix: In data:image/* uris, only allow a few ↵ | Joey Hess
whitelisted image types. No svg.
2010-03-11 | formatting | Joey Hess
2010-03-11 | redundancy | Joey Hess
2010-03-11 | search: Avoid '$' in the wikiname appearing unescaped on omega's query ↵ | Joey Hess
template, where it might crash omega. Really, a more general fix, this deals with any $ that might appear on the misctemplate.
2010-03-11 | Fix missing span on recentchanges page template. | Joey Hess
2010-03-11 | moderatedcomments: Added moderate_pagespec | Joey Hess
* moderatedcomments: Added moderate_pagespec that can be used to control which users or comment locations are moderated. This can be used, just for example, to moderate http://myopenid.com/* if you're getting a lot of spammers from one particular openid provider (who should perhaps answer your emails about them), while not moderating other users.
* moderatedcomments: The moderate_users setting is deprecated. Instead, set moderate_pagespec to "!admin()" or "user(*)" instead.
2010-03-09 | Fix utf8 issues in calls to md5_hex. | Joey Hess
This prevented comments containing some utf-8, including euro sign, from being submitted. Since md5_hex is a C implementation, the string has to be converted from perl's internal encoding to utf-8 when it is called. Some utf-8 happened to work before, apparently by accident. Note that this will change the checksums returned. unique_comment_location is only used when posting comments, so the checksum does not need to be stable there. I only changed page_to_id for completeness; it is passed a comment page name, and they can currently never contain utf-8. In teximg, the bug could perhaps be triggered if the tex source contained utf-8. If that happens, the checksum will change, and some extra work might be performed on upgrade to rebuild the image.
2010-03-02 | releasing version 3.20100302 | Joey Hess
2010-02-28 | Add new --clean option; this makes ikiwiki remove all built files in the ↵ | Joey Hess
destdir, as well as wrappers and the .ikiwiki directory.
2010-02-27 | Fix admin openid detection in setup automator, and avoid prompting for a ↵ | Joey Hess
password.
2010-02-27 | Add force_overwrite setting to make setup automator overwrite existing ↵ | Joey Hess
files/directories. This can be useful if you're driving the setup automator from another program.
2010-02-26 | Loosen regexp, to allow empty quoted parameters in directives. | Joey Hess
2010-02-14 | comments: Display number of comments in comment action link. | Joey Hess
This was not doable before, but when I added transitive dependency handling in the big dependency rewrite, it became possible to include a comment count when inlining. This also improves the action link when a page has no comments. It will link direct to the cgi to allow posting the first comment. And if the page is locked to prevent posting new comments, the link is no longer shown.
2010-02-12 | releasing version 3.20100212 | Joey Hess
2010-02-11 | Group related plugins into sections in the setup file, and drop unused rcs ↵ | Joey Hess
plugins from the setup file.
2010-02-11 | Allow globs to be used in user() pagespecs. | Joey Hess
2010-02-11 | httpauth: Add httpauth_pagespec setting that can be used to limit pages to ↵ | Joey Hess
only being edited via users authed with httpauth.
2010-02-11 | httpauth: When cgiauthurl is configured, httpauth can now be used alongside ↵ | Joey Hess
other authentication methods (like openid or anonok). Rather than always redirect to the cgiauthurl for authentication, there is now a button on the login form to use it.
2010-02-09 | amazon_s3: Fix to support the EU S3 datacenter, which is more picky about ↵ | Joey Hess
attempts to create already existing buckets.
2010-02-06 | Fix color and format plugins to appear in the websetup interface. | Joey Hess
2010-02-06 | add opendiscussion to auto-blog.setup | Joey Hess
2010-02-06 | opendiscussion: This plugin will also now allow posting comments | Joey Hess
to otherwise locked-down sites.
2010-02-06 | auto-blog.setup: Lock all pages, so only admin can post to the blog by default. | Joey Hess
2010-02-04 | Add link to userpage (or creation link) to top of preferences page. | Joey Hess
2010-02-04 | Improve display of openid in preferences page. | Joey Hess
Now that openiduser is in IkiWiki core, it's ok to have passwordauth check for it, and avoid displaying useless password fields when showing preferences for an openid. Also improved the styling of the display of the openid in the preferences page.
2010-02-04 | Allow jumping directly into account registration process by going to ↵ | Joey Hess
ikiwiki.cgi?do=register
2010-02-01 | setup automator: Configure Term::Readline to use bold for prompt, rather ↵ | Joey Hess
than default underline. Closes: #517656