summaryrefslogtreecommitdiff
path: root/templates/editpage.tmpl
AgeCommit message (Collapse)Author
2008-07-22Split out error messages from editpage.tmpl into several separate templates.Joey Hess
2008-07-21skeleton rename pluginJoey Hess
2008-07-21simplified confirmation formJoey Hess
also, there's no titlepage conversion issues
2008-07-21editpage: Don't show attachments link when attachments are disabled.Joey Hess
2008-07-06add br at topJoey Hess
firefox 3 smooshed the page location dropdown up to the page title, obscuring descenders and underscores. Maybe that's a bug, since the CSS didn't ask it to, but I think adding the extra space of a br at the top looks better anyway.
2008-07-02toggle: Add javascript to top of page, not to end. This avoids flicker since ↵Joey Hess
closed toggles will not be displayed as the page is loading.
2008-07-02xhtml fixesJoey Hess
2008-07-02attachments interface visibility togglingJoey Hess
2008-07-01basic attachment listJoey Hess
2008-06-30add support for an attachment upload fieldJoey Hess
FormBuilder makes it annoyingly hard to move a submit button to a nonstandard place. The button name has to be "_submit" or FormBuilder will ignore it.
2008-04-10Fix CSRF attacks against the preferences and edit forms. Closes: #475445Joey Hess
The fix involved embedding the session id in the forms, and not allowing the forms to be submitted if the embedded id does not match the session id. In the case of the preferences form, if the session id is not embedded, then the CGI parameters are cleared. This avoids a secondary attack where the link to the preferences form prefills password or other fields, and the user hits "submit" without noticing these prefilled values. In the case of the editpage form, the anonok plugin can allow anyone to edit, and so I chose not to guard against CSRF attacks against users who are not logged in. Otherwise, it also embeds the session id and checks it. For page editing, I assume that the user will notice if content or commit message is changed because of CGI parameters, and won't blndly hit save page. So I didn't block those CGI paramters. (It's even possible to use those CGI parameters, for good, not for evil, I guess..) The only other CSRF attack I can think of in ikiwiki involves the poll plugin. It's certianly possible to set up a link that causes the user to unknowingly vote in a poll. However, the poll plugin is not intended to be used for things that people would want to attack, since anyone can after all edit the poll page and fill in any values they like. So this "attack" is ignorable.
2007-08-17* Applied Jeremie Koenig's pluggable editpage buttons patch:joey
- add a title to the editpage form; - pass a reference to the list of buttons to the formbuilder_setup hooks, so we can add ours; - relax asumption about the possible submit values (use "Save Page" explicitly); - de-hardcode the submit buttons from the editpage template (This was needed for compatability with a bug in CGI::FormBuilder 3.0401, but ikiwiki already needs a newer version.) * Pass buttons to all other formbuilder_setup hooks too.
2007-07-16* Wrap the editpage template in the standard misctemplate, this allows thejoey
pagetemplate hook to work for that page. * Above change fixes the favicon plugin to work on edit pages.
2007-05-11* Make all templates have a footer div to ease themeing. Required templatejoey
and style sheet updates, and unless you're using customised versions, you'll want to rebuild wikis on upgrade to this version to avoid inconsistencies. * Allow WIKINAME to to used in footers, as an example of something to put there.
2007-03-17wordingjoey
2007-03-17* Detect the case of two people independently creating the same page at thejoey
same time, and let the second person resolve the conflict.
2007-02-24* Patch from Ethan to improve behavior if a page is deleted or moved whilejoey
someone is editing it. * Some cleanup of field setting in the failed edit and conflict handling code.
2007-02-15* Many changes to make ikiwiki very resistant to write failuresjoey
including out of disk space situations. ikiwiki should never leave truncated files, and if the error occurs during a web-based file edit, the user will be given an opportunity to retry. Inspired by the many ways Moin Moin destroys itself when out of disk. :-) * Fix syslogging of errors.
2006-11-15typosjoey
2006-11-10* Work around a strange bug in CGI::FormBuilder 3.0401 that makesjoey
FORM-SUBMIT unusable on customised formbuilder templates. For now, hardcode the submit buttons in editpage.tmpl instead of using the template variable, which is ok, since the buttons are static.
2006-09-17fix mime typejoey
2006-09-16* Updated ikiwiki.svgz from Recai, includes an icon and is used to generatejoey
a multi-resolution favicon.ico.
2006-09-16* pagetemplate hooks are now also called when generating cgi pages.joey
* Add a favicon plugin, which simply adds a link tag for an icon to each page (and cgis).
2006-08-24* Make all pages pull in a local.css style sheet, if present. This won'tjoey
be included in ikiwiki, but can be created to make local styling changes w/o needing to merge in every new change to the distributed style.css.
2006-08-21* Fixed a bug with previews of subpages having broken links to top-leveljoey
pages. * Change how the stylesheet url is determined in the templates: Remove STYLEURL and add BASEURL to all templates (some already had it). This new more general variable can be used to link to other things (eg, images) from the template, as well as stylesheets.
2006-07-26* Patch from Recai to allow selection of page type when creating a new page.joey
Default page type is inherited from the link clicked on to create the new page.
2006-07-02 so make sure to let perl know it should be handled as utf8. Also,joey
* Improve layout of edit page so formatting help link is always visible w/o getting in the way of the preview.
2006-05-27* Add -refresh option to ikiwiki-mass-rebuild and use that on upgrades thatjoey
do not need a full rebuild, in order to update any basewiki pages.
2006-05-26header can appear more than one time, so is a class, not an idjoey
2006-05-26* The page name and parent links has switched from using a <h1> to a styledjoey
<span>, so pages can use <h1> internally instead of needing to use <h2>. * Updated all of ikiwiki's own wiki pages for that. * Add pagetemplate hook, which can be used by plugins that want to mess around with adding new stuff to the page template. * Remove headercontent; the search plugin now adds the search box to the header by registering a pagetemplate hook, and other plugins should do similarly.
2006-04-02- add <base> to cgi output, this is especially useful for output containingjoey
wikilinks since the urls should work now in more situations - drop --limit from svn log run, since a) it needs a fairly new svn and b) in some cases, it would limit it to too few entries to display the requested number of changes - Use driver:DB_File and not driver:db_file for better compatability with old versions of CGI::Session. - Note that HTML::Template 3.02.02 is needed.
2006-03-29css supportjoey
2006-03-29html validation fixes:joey
- escape & in urls (also clean up cgi url generation) - since markdown wraps inlined pages in <p></p>, close and re-open the paragraph tags when generating the embedded html - added XHTML 1.0 doctypes to templates - fixed <hr /> and <br /> in templates - add an alt attribute to inline images, based on the WikiLink to the image. Allows things like [[my_image|img.png]] to customise alt text.
2006-03-19link to helponformatting from the edit pagejoey
2006-03-19conflict detection, merging, etc should be done now, I thinkjoey
2006-03-19first cut at svn merge and conflictjoey
2006-03-16add a header to page preview sectionjoey
2006-03-16dd page previewjoey
2006-03-12- use templates for signin form, error messagesjoey
- use FormBuilder for edit page forms (also use template) - print debug to stderr in cgi mode to avoid breaking http headers - fix links to page in parentlinks if $url is unset - reorganise how wikilink is used in templates - only make recentchanes link if svn is enabled - change session id cookie to something we control - add support for logging committer name for web commits from signed in users (untested) - probably more changes I forgot