summaryrefslogtreecommitdiff
path: root/debian
AgeCommit message (Collapse)Author
2008-04-26toc: Add the table of contents at sanitize time, rather than at format time. ↵Joey Hess
This allows the toc to be displayed when previewing an edit. It also avoids headers in the page template from showing up in the toc.
2008-04-24Correct a bug in pagespec matching, where a empty pagespec matched all pages.Joey Hess
This manifested as wikis with no locked pages treating them all as locked. The bug was introduced in version 2.41. Medium urgency upload due to above fix.
2008-04-21Allow libtext-markdown-perl to satisfy dependencies, as a an alternative to ↵Joey Hess
the markdown package.
2008-04-20add CVE linkJoey Hess
2008-04-17Bring back the svnrepo setup file option. This is needed for ↵Joey Hess
recentchangediff to work with svn repos.
2008-04-16releasing version 2.43Joey Hess
2008-04-11Recommend a recent git-core for git init. Closes: 475609Joey Hess
2008-04-10Give the full path to the hyperestraier helpfile in estseek.conf.Joey Hess
2008-04-10Use bzr --quiet to avoid it outputting stuff and messing up http headers. ↵Joey Hess
(Scott Bronson)
2008-04-10Fix broken rcs_update for bzr. (Scott Bronson)Joey Hess
2008-04-10Fix missing import of escapeHTML in userlink. (Scott Bronson)Joey Hess
2008-04-10releasing version 2.42Joey Hess
2008-04-10Fix CSRF attacks against the preferences and edit forms. Closes: #475445Joey Hess
The fix involved embedding the session id in the forms, and not allowing the forms to be submitted if the embedded id does not match the session id. In the case of the preferences form, if the session id is not embedded, then the CGI parameters are cleared. This avoids a secondary attack where the link to the preferences form prefills password or other fields, and the user hits "submit" without noticing these prefilled values. In the case of the editpage form, the anonok plugin can allow anyone to edit, and so I chose not to guard against CSRF attacks against users who are not logged in. Otherwise, it also embeds the session id and checks it. For page editing, I assume that the user will notice if content or commit message is changed because of CGI parameters, and won't blndly hit save page. So I didn't block those CGI paramters. (It's even possible to use those CGI parameters, for good, not for evil, I guess..) The only other CSRF attack I can think of in ikiwiki involves the poll plugin. It's certianly possible to set up a link that causes the user to unknowingly vote in a poll. However, the poll plugin is not intended to be used for things that people would want to attack, since anyone can after all edit the poll page and fill in any values they like. So this "attack" is ignorable.
2008-04-03need to handle urls to images the sameJoey Hess
Also, simplified finding the url to the top of the site.
2008-04-03aggregate: Correct a mistake in the code that dummy up a guid for feeds ↵Joey Hess
lacking one.
2008-03-29releasing version 2.41Joey Hess
2008-03-29Added a hardlink option in the setup file, useful if the source and dest are ↵Joey Hess
on the same filesystem and the wiki includes large media files, which would normally be copied, wasting time and space.
2008-03-23inline: Allow the "feedshow" parameter to take values greater than the value ↵Joey Hess
for "show".
2008-03-21defer po and pot file updating until package build timeJoey Hess
This allows make to be run without polluting the tree with lots of po file changes.
2008-03-21external: Work around XML RPC's lack of support for null by passing a ↵Joey Hess
special sentinal value.
2008-03-21Changed to a binary index file, written using Storable, for speedJoey Hess
During refresh of a wiki with 800 files, loadindex was using more total time than any other function, and saveindex was also in the top ten. Rewriting them to use Storable makes them three times as fast. 0.7 seconds is saved on my laptop in profiling mode.
2008-03-21Precompile pagespecs, about 10% overall speedupJoey Hess
About 12% of ikiwiki runtime was spent in pagespec_match. It was evaling the same pagespec code over and over again. This changes pagespec_translate to return memoized, precompiled functions that can be called to match against a given pagespec. This also allows getting rid of the weird variable scoping trick that had to be in effect for pagespec_translate to be called -- the variables are now just fed into the function it returns. On my laptop, this drops build time for the docwiki from about 60 to 50 seconds.
2008-03-21crazy optimisation to work around slow markdownJoey Hess
Markdown is slow. Especially if it has to process an enormous page. The most common enormous page is currently the recentchanges page, which gets processed a lot, and contains very little actual markdown. Most of it is a big <div>, which markdown skips ... slowly. This is a rather sick optimisation to work around markdown's speed issues. Now inline inserts a small, dummy div, allows markdown to quickly render the actual page content, then replaces the dummy with the actual inlined pages later. Results: Rendering just a recentchanges page, with diffs included, dropped from 4.5 seconds to 2.7 seconds on my laptop. Building the entire wiki dropped from 46.6 seconds to 39.5 seconds. (It would be better if inline were a *post*-processor directive.)
2008-03-21typoJoey Hess
2008-03-21smiley: Detect smileys inside pre and tags, and do not expand.Joey Hess
2008-03-21Close meta tag for redir properly.Joey Hess
2008-03-19Store userinfo in network byte order for easy portability. (Old files will ↵Joey Hess
be automatically converted.)
2008-03-19Time::Duration is no longer used, remove from docs and recommends.Joey Hess
2008-03-18German translation update. Closes: #471540Joey Hess
2008-03-17* Record new pages in %pagesources temporarily when previewing so thatJoey Hess
things that need to know the page source or type can query it from there. Fixes previewing of tables when creating a new page.
2008-03-17updateJoey Hess
2008-03-17* Detect invalid pagespecs and do not merge them in add_depends,Joey Hess
as that can result in a broken merged pagespec that matches nothing.
2008-03-17* Correct bug in encoding of %pagestate keys, fixes edittemplate.Joey Hess
2008-03-15* external: Add getargv and setargv methods to allow access to ikiwiki'sJoey Hess
@ARGV.
2008-03-15* htmltidy: Pass --markup yes, in case tidy's config file disabled it.Joey Hess
2008-03-15* external: Fix support of XML::RPC::fault.Joey Hess
2008-03-15updateJoey Hess
2008-03-15updateJoey Hess
2008-03-15* French translation update. Closes: #471010Joey Hess
2008-03-14* Fix expiry of old recentchanges changeset pages.Joey Hess
2008-03-12* Use absolute url for feedurl when filling out the feed templates.Joey Hess
Closes: #470530
2008-03-12* Use forcebaseurl to make page previews be displayed with the html baseJoey Hess
set to the destination page. This avoids need for hacks to munge the urls in preview mode, which fixes several bugs. * Several destpage fixes in plugins.
2008-03-12changelogJoey Hess
2008-03-12* monotone: Require version 0.38 or greater, and stop using the mtnmergercJoey Hess
option. (Brian May)
2008-03-11updateJoey Hess
2008-03-11add changelog messagesJoey Hess
2008-03-07* Remove locking code in git rcs_commit. I'm not sure if this was everJoey Hess
correct, and it's certianly not correct now, since the wiki is locked before rcs_commit is ever called, and should not be unlocked by rcs_commit either.
2008-03-06* Fix example exclude regexp. Closes: #469691Joey Hess
2008-03-06* Updated Spanish translation from Victor Moral.Joey Hess
2008-03-04test for Text::Markdown::[Mm]arkdown and use the available oneJoey Hess
Markdown is such a splintered mess.. The current debian package provides only Text::Markdown::Markdown, while all versions of Text::Markdown support Text::Markdown::markdown, and old versions also support the capitalised version, while new ones don't. It's getting to the point where `grep /markdown/i %symbol_table` is the only sane way to figure out what function to call..