Age | Commit message (Collapse) | Author |
|
most edge cases seem handled too
|
|
|
|
|
|
|
|
into a CDATA section
|
|
with no named entity references
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
also, there's no titlepage conversion issues
|
|
|
|
The Z term prefix is for stemming and shouldn't be used here.
X is for custom fields.
|
|
|
|
I notice madduck.net already has a similar change :-)
|
|
* Wrap everything before the content in <div class="inlineheader">
* Wrap the inlined content itself in <div class="inlinecontent">
* Wrap everything after the content in <div class="inlinefooter">
|
|
* Wrap header stuff, including actions, in <div class="pageheader">
(there is already a class="header", which is a subset of this, so
using id="header" would be confusing)
* Add class="pagefooter" to the existing <div id="footer">, for symmetry
|
|
with [[!meta guid="..."]], which also outputs an Atom <id>
|
|
This is often the same as the feed's <link> (in which case it can be omitted) but sometimes it's a urn:uuid: URN instead.
|
|
|
|
|
|
|
|
|
|
firefox 3 smooshed the page location dropdown up to the page title,
obscuring descenders and underscores. Maybe that's a bug, since the CSS
didn't ask it to, but I think adding the extra space of a br at the top
looks better anyway.
|
|
closed toggles will not be displayed as the page is loading.
|
|
|
|
|
|
|
|
FormBuilder makes it annoyingly hard to move a submit button to a
nonstandard place. The button name has to be "_submit" or FormBuilder will
ignore it.
|
|
<http://universaleditbutton.org/>
Not forcing a rebuild on upgrade just for this.
|
|
- Add a Help link.
- If the pageterm is too long, hash it.
|
|
as well as for pages that contain a given link ("link:bar").
|
|
|
|
Everything is done except for the actual indexing. I plan to do incremental
indexing as pages change.
|
|
|
|
This implements the previously documented hashed password support.
While implementing that, I noticed a security hole, which this commit
also fixes..
|
|
on the cgi following edit links.
|
|
|
|
|
|
The fix involved embedding the session id in the forms, and not allowing the
forms to be submitted if the embedded id does not match the session id.
In the case of the preferences form, if the session id is not embedded,
then the CGI parameters are cleared. This avoids a secondary attack where the
link to the preferences form prefills password or other fields, and
the user hits "submit" without noticing these prefilled values.
In the case of the editpage form, the anonok plugin can allow anyone to edit,
and so I chose not to guard against CSRF attacks against users who are not
logged in. Otherwise, it also embeds the session id and checks it.
For page editing, I assume that the user will notice if content or commit
message is changed because of CGI parameters, and won't blndly hit save page.
So I didn't block those CGI paramters. (It's even possible to use those CGI
parameters, for good, not for evil, I guess..)
The only other CSRF attack I can think of in ikiwiki involves the poll plugin.
It's certianly possible to set up a link that causes the user to unknowingly
vote in a poll. However, the poll plugin is not intended to be used for things
that people would want to attack, since anyone can after all edit the poll page
and fill in any values they like. So this "attack" is ignorable.
|
|
* rcs_diff is a new function that rcs modules should implement.
* Implemented rcs_diff for git, svn, and tla (tla version untested).
Mercurial and monotone still todo.
|
|
containing ikiwiki.cgi, but this should not change the urls to the style
sheets etc. Add a new forcebareurl parameter to misctemplate to allow
it to do that.
|
|
Conflicts:
debian/changelog
templates/change.tmpl
|
|
|
|
|
|
|
|
|