summaryrefslogtreecommitdiff
path: root/templates
AgeCommit message (Collapse)Author
2008-10-19fix relativedate timezone inclusionJoey Hess
The machine parseable date needs to include a timezone. Also, simplified the interface for date display.
2008-10-18remove old dup divJoey Hess
2008-10-17tweak recentchanges permalink codeJoey Hess
Need to handle the case where url is not set.
2008-10-17Patch for anchor-based change permalinks in recent changes feedJoey Hess
from JasonBlevins
2008-10-17make relativedate work for the dates on the recentchanges pageJoey Hess
Having a always current relative date on recentchanges is very, very nice.
2008-10-17relativedate: New javascript-alicious plugin that makes all dates display ↵Joey Hess
relative, in a very nice way, if I say so myself.
2008-10-10google plugin: Use google.com to search the local site.Peter Simons
Google allows has a nice feature, sitesearch, that allows anyone to limit search results to a specific site. Obviously, this feature can be used to provide a search engine for the local ikiwiki site without the need to install any additional software. Just enable the 'google' plugin and make sure that --url uses the proper hostname. Thanks to Joey for helping to get the Perl implementation right.
2008-09-23multiple rename support is workingJoey Hess
most edge cases seem handled too
2008-08-07avoid link fixup if page name stayed the sameJoey Hess
2008-08-06Added a small icon to the search input box.Joey Hess
2008-07-31Escape HTML in Atom feed metadata rather than treating it as XHTMLSimon McVittie
2008-07-31Escape HTML in RSS feeds, rather than relying on it being valid to stuff ↵Simon McVittie
into a CDATA section
2008-07-31Escape HTML in Atom feeds, rather than relying on it being well-formed XHTML ↵Simon McVittie
with no named entity references
2008-07-29really rm ;-)Joey Hess
2008-07-29initial draftJoey Hess
2008-07-23link fixup on rename workingJoey Hess
2008-07-22add a list of broken links after the renameJoey Hess
2008-07-22add a rename summaryJoey Hess
2008-07-22Split out error messages from editpage.tmpl into several separate templates.Joey Hess
2008-07-21skeleton rename pluginJoey Hess
2008-07-21simplified confirmation formJoey Hess
also, there's no titlepage conversion issues
2008-07-21editpage: Don't show attachments link when attachments are disabled.Joey Hess
2008-07-19Use correct term prefixes when searching.Gabriel McManus
The Z term prefix is for stemming and shouldn't be used here. X is for custom fields.
2008-07-15Oops, add missing </span>Simon McVittie
2008-07-15More CSS hooks for page.tmpl.Simon McVittie
I notice madduck.net already has a similar change :-)
2008-07-13Add more CSS hooks to inlinepage.tmplSimon McVittie
* Wrap everything before the content in <div class="inlineheader"> * Wrap the inlined content itself in <div class="inlinecontent"> * Wrap everything after the content in <div class="inlinefooter">
2008-07-13Add more stylesheet hooks to the page templateSimon McVittie
* Wrap header stuff, including actions, in <div class="pageheader"> (there is already a class="header", which is a subset of this, so using id="header" would be confusing) * Add class="pagefooter" to the existing <div id="footer">, for symmetry
2008-07-12Rename [[!inline atomid="..."]] to [[!inline guid="..."]] to be consistent ↵Simon McVittie
with [[!meta guid="..."]], which also outputs an Atom <id>
2008-07-12Accept [[!inline ... atomid="..."]] and use it to populate the feed's Atom <id>.Simon McVittie
This is often the same as the feed's <link> (in which case it can be omitted) but sometimes it's a urn:uuid: URN instead.
2008-07-12Add MIME type to Atom feeds' <link rel='self'>Simon McVittie
2008-07-12rename uuid to guidJoey Hess
2008-07-11rssitem.tmpl: use UUID as <guid> if suppliedSimon McVittie
2008-07-11atomitem.tmpl: use UUID as <id> if suppliedSimon McVittie
2008-07-06add br at topJoey Hess
firefox 3 smooshed the page location dropdown up to the page title, obscuring descenders and underscores. Maybe that's a bug, since the CSS didn't ask it to, but I think adding the extra space of a br at the top looks better anyway.
2008-07-02toggle: Add javascript to top of page, not to end. This avoids flicker since ↵Joey Hess
closed toggles will not be displayed as the page is loading.
2008-07-02xhtml fixesJoey Hess
2008-07-02attachments interface visibility togglingJoey Hess
2008-07-01basic attachment listJoey Hess
2008-06-30add support for an attachment upload fieldJoey Hess
FormBuilder makes it annoyingly hard to move a submit button to a nonstandard place. The button name has to be "_submit" or FormBuilder will ignore it.
2008-06-21Add support for the universal edit buttonJoey Hess
<http://universaleditbutton.org/> Not forcing a rebuild on upgrade just for this.
2008-06-04finishing touches on the new search pluginJoey Hess
- Add a Help link. - If the pageterm is too long, hash it.
2008-06-04The search interface now allows searching for a page by title ("title:foo"), ↵Joey Hess
as well as for pages that contain a given link ("link:bar").
2008-06-03prettify page names, and drop the redunadant url displayJoey Hess
2008-06-03search: Converted to use xapian-omega.Joey Hess
Everything is done except for the actual indexing. I plan to do incremental indexing as pages change.
2008-05-30improve wordingJoey Hess
2008-05-30hashed password support, and empty password security fixJoey Hess
This implements the previously documented hashed password support. While implementing that, I noticed a security hole, which this commit also fixes..
2008-05-28Add rel=nofollow to edit links. This may prevent some spiders from pounding ↵Joey Hess
on the cgi following edit links.
2008-04-10responseJoey Hess
2008-04-10Give the full path to the hyperestraier helpfile in estseek.conf.Joey Hess
2008-04-10Fix CSRF attacks against the preferences and edit forms. Closes: #475445Joey Hess
The fix involved embedding the session id in the forms, and not allowing the forms to be submitted if the embedded id does not match the session id. In the case of the preferences form, if the session id is not embedded, then the CGI parameters are cleared. This avoids a secondary attack where the link to the preferences form prefills password or other fields, and the user hits "submit" without noticing these prefilled values. In the case of the editpage form, the anonok plugin can allow anyone to edit, and so I chose not to guard against CSRF attacks against users who are not logged in. Otherwise, it also embeds the session id and checks it. For page editing, I assume that the user will notice if content or commit message is changed because of CGI parameters, and won't blndly hit save page. So I didn't block those CGI paramters. (It's even possible to use those CGI parameters, for good, not for evil, I guess..) The only other CSRF attack I can think of in ikiwiki involves the poll plugin. It's certianly possible to set up a link that causes the user to unknowingly vote in a poll. However, the poll plugin is not intended to be used for things that people would want to attack, since anyone can after all edit the poll page and fill in any values they like. So this "attack" is ignorable.