summaryrefslogtreecommitdiff
path: root/po
AgeCommit message (Collapse)Author
2008-08-05add a guard against multiple cgi or rcs wrappersJoey Hess
2008-08-03add advanced and basic modesJoey Hess
2008-08-02websetup form display doneJoey Hess
2008-08-01banned_users move to setup file, stage 1Joey Hess
2008-08-01admin prefs move to setup file, stage 1Joey Hess
The locked pages configuration is moving to a locked_pages option in the setup file, and the allowed attachments configuration to allowed_attachments. The admin prefs page can still be used for these, but that's depreacted and will only be shown if there's currently a value.
2008-07-31releasing version 2.56Joey Hess
2008-07-25fix feed urlsJoey Hess
The fix for colons involved adding "./" to some urls. Due to the weird way inline called urlto, these snuck into feed urls and permalinks. Fix it by adding an optional third parameter to urlto.
2008-07-25commentsJoey Hess
2008-07-23link fixup on rename workingJoey Hess
2008-07-22Split out error messages from editpage.tmpl into several separate templates.Joey Hess
2008-07-21releasing version 2.54Joey Hess
2008-07-13switch preprocess hooks to use error functionJoey Hess
2008-07-12only htmlize errors when cgi is actually runningJoey Hess
2008-07-11whitespaceJoey Hess
2008-07-09releasing version 2.53Joey Hess
2008-07-09improve error message if virus checker fails w/o outputJoey Hess
2008-07-08responseJoey Hess
2008-07-06releasing version 2.52Joey Hess
2008-07-06editpage escaping fixesJoey Hess
* The editpage form now uses the raw page name, not the page title, in its 'page' cgi parameter. Using the title was ambiguous and made it impossible to tell between some pages, like "foo/bar" and "foo__47__bar", sometimes causing the wrong page to be edited. * This change means that some edit links need to be updated. Force a rebuild on upgrade to this version. * Above change also allowed really fixing escaped slashes from the blogpost form.
2008-07-02typoJoey Hess
2008-06-28call format hooks when generating page previewsJoey Hess
* toc: Revert change in 2.45 that made it run at sanitize time. This breaks use of toc in a sidebar. * Call format hooks when generating page previews, thus fixing toc display there, as well as fixing inlins to again display in page previews, since it's started using format hooks. This also allows several other things, like embed, that use format hooks, to work during page preview time. * Format hooks should not rely on getting an entire html document, as they will only get the body during page preview. * toggle: Deal with preview mode when adding javascript.
2008-06-13releasing version 2.50Joey Hess
2008-06-07img: Support captions.Joey Hess
2008-06-04finishing touches on the new search pluginJoey Hess
- Add a Help link. - If the pageterm is too long, hash it.
2008-06-04also decode html entities in the titleJoey Hess
2008-06-04Pass a destpage parameter to the sanitize hook.Joey Hess
Because the search plugin needed it, also because it's one of the few plugins that didn't already have it. I also considered adding it to htmlize, but I really cannot imagine caring what the destpage is when htmlizing. (I'll probably be poven wrong later.)
2008-06-04move indexing to sanitize hookJoey Hess
I think this will give better results overall. I made %IkiWiki::preprocessing accessible and used it to avoid indexing at unnecessary points.
2008-06-04more search improvementsJoey Hess
2008-05-30updated French translationJoey Hess
2008-05-30hashed password support, and empty password security fixJoey Hess
This implements the previously documented hashed password support. While implementing that, I noticed a security hole, which this commit also fixes..
2008-05-25releasing version 2.47Joey Hess
2008-05-12releasing version 2.46Joey Hess
2008-05-06pinger/pingee now tested and workingJoey Hess
2008-05-05aggregate: Add support for web-based triggering of aggregation for people ↵Joey Hess
stuck on shared hosting without cron. (Sheesh.) Enabled via the `aggregate_webtrigger` configuration optiom.
2008-05-05releasing version 2.45Joey Hess
2008-05-05enhancesments for shared hostingJoey Hess
* Add a Bundle::Ikiwiki to the source for use with CPAN to install *all* the modules ikiwiki can use. * Add a cpan directory containing a CPAN::MyConfig that can ease use of CPAN to install in a home directory on shared hosting providers. * With these changes, it's pretty easy to install onto nearlyfreespeech.net and probably other shared hosting providers like dreamhost. Added a tip page documentng the process for nearlyfreespeech.
2008-05-02Fix ugly display when editing a page that has vanished.Joey Hess
srcfile now has an optional second parameter to avoid it throwing an error if the source file does not exist.
2008-04-29Add missing de.po. Closes: #471540Joey Hess
2008-04-24releasing version 2.44Joey Hess
2008-04-16releasing version 2.43Joey Hess
2008-04-10Fix CSRF attacks against the preferences and edit forms. Closes: #475445Joey Hess
The fix involved embedding the session id in the forms, and not allowing the forms to be submitted if the embedded id does not match the session id. In the case of the preferences form, if the session id is not embedded, then the CGI parameters are cleared. This avoids a secondary attack where the link to the preferences form prefills password or other fields, and the user hits "submit" without noticing these prefilled values. In the case of the editpage form, the anonok plugin can allow anyone to edit, and so I chose not to guard against CSRF attacks against users who are not logged in. Otherwise, it also embeds the session id and checks it. For page editing, I assume that the user will notice if content or commit message is changed because of CGI parameters, and won't blndly hit save page. So I didn't block those CGI paramters. (It's even possible to use those CGI parameters, for good, not for evil, I guess..) The only other CSRF attack I can think of in ikiwiki involves the poll plugin. It's certianly possible to set up a link that causes the user to unknowingly vote in a poll. However, the poll plugin is not intended to be used for things that people would want to attack, since anyone can after all edit the poll page and fill in any values they like. So this "attack" is ignorable.
2008-03-29Added a hardlink option in the setup file, useful if the source and dest are ↵Joey Hess
on the same filesystem and the wiki includes large media files, which would normally be copied, wasting time and space.
2008-03-21defer po and pot file updating until package build timeJoey Hess
This allows make to be run without polluting the tree with lots of po file changes.
2008-03-15* French translation update. Closes: #471010Joey Hess
2008-03-12truncate recentchangesdiffs after 200 linesJoey Hess
This works around a perl crasher bug, and also avoids bloating pages with enormous diffs. rcs_recentchanges modified to return a list in an array context.
2008-03-12* Use forcebaseurl to make page previews be displayed with the html baseJoey Hess
set to the destination page. This avoids need for hacks to munge the urls in preview mode, which fixes several bugs. * Several destpage fixes in plugins.
2008-03-06* Updated Spanish translation from Victor Moral.Joey Hess
2008-03-03responseJoey Hess
2008-03-03* Add recentchangesdiff plugin that adds diffs to the recentchanges feeds.Joey Hess
* rcs_diff is a new function that rcs modules should implement. * Implemented rcs_diff for git, svn, and tla (tla version untested). Mercurial and monotone still todo.
2008-02-24Fix links generated by preprocessor directives when previewing.Joey Hess
As was already done for linkfication, links generated in a prevew page are relative to the top of the wiki, so it has to be told that the destpage is there. I was using "" to indicate this, but that may confuse some preprocessor plugins, which treat parameters with an empry value specially (sparkline is one such). Instead, use "/", which is more accurate anyway and works just as well.