From 30d1de4bbd88aa18aa90fae06717a162e314d125 Mon Sep 17 00:00:00 2001 From: Josh Triplett Date: Wed, 9 Mar 2011 11:28:38 -0800 Subject: Fix typo: s/insertation/insertion/g --- doc/security.mdwn | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/security.mdwn b/doc/security.mdwn index 52d9d3dc0..770927e26 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -441,7 +441,7 @@ A fix was also backported to Debian etch, as version 2.53.5. I recommend upgrading to one of these versions if your wiki can be edited by third parties. -## javascript insertation via insufficient htmlscrubbing of comments +## javascript insertion via insufficient htmlscrubbing of comments Kevin Riggle noticed that it was not possible to configure `htmlscrubber_skip` to scrub comments while leaving unscubbed the text @@ -454,7 +454,7 @@ preview or moderation of comments with such a configuration. These problems were discovered on 12 November 2010 and fixed the same hour with the release of ikiwiki 3.20101112. ([[!cve CVE-2010-1673]]) -## javascript insertation via insufficient checking in comments +## javascript insertion via insufficient checking in comments Dave B noticed that attempting to comment on an illegal page name could be used for an XSS attack. -- cgit v1.2.3 From a5369746385583233e0ca0c8c18eeb5daf347dc2 Mon Sep 17 00:00:00 2001 From: "Øyvind A. Holm" Date: Thu, 10 Mar 2011 07:22:44 +0100 Subject: ikiwikiusers: Add link to some Ikiwiki love ebc91c32-4ade-11e0-b799-fefdb24f8e10 --- doc/ikiwikiusers.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/ikiwikiusers.mdwn b/doc/ikiwikiusers.mdwn index d69e0a4c9..4f823353e 100644 --- a/doc/ikiwikiusers.mdwn +++ b/doc/ikiwikiusers.mdwn @@ -168,7 +168,7 @@ Personal sites and blogs * [pmate](http://pmate.nfshost.com)'s homepage and [blog](http://pmate.nfshost.com/blog/) * [tychoish.com](http://tychoish.com/) - a blog/wiki mashup. blog posts are "rhizomes." * [Martin Burmester](http://www.martin-burmester.de/) -* [Øyvind A. Holm (sunny256)](http://www.sunbase.org) +* [Øyvind A. Holm (sunny256)](http://www.sunbase.org) — Read my Ikiwiki praise [here](http://www.sunbase.org/blog/why_ikiwiki/). Please feel free to add your own ikiwiki site! -- cgit v1.2.3 From 2a67d0b8c229fb3cf54a98e71d66f4145bb6ac7c Mon Sep 17 00:00:00 2001 From: justint Date: Fri, 11 Mar 2011 00:46:43 +0000 Subject: --- doc/plugins/contrib/justlogin.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/plugins/contrib/justlogin.mdwn b/doc/plugins/contrib/justlogin.mdwn index ef3d1bfff..90645b9ef 100644 --- a/doc/plugins/contrib/justlogin.mdwn +++ b/doc/plugins/contrib/justlogin.mdwn @@ -1,4 +1,4 @@ -This plugin is still in development. Currently it does bring up the login page and the login page does, with proper credentials, log in the user, but the returning page goes to prefs. I have no idea why. +This plugin has been abandoned while still in development. Currently it does bring up the login page and the login page does, with proper credentials, log in the user, but the returning page goes to prefs. I have no idea why. I decided to go in another direction so if someone wants to take over then please do so. Otherwise I have no problem if this page needs to be deleted. [[users/justint/]] Place this code into a page: -- cgit v1.2.3 From b4b47f6f7385aec6b9c0cdb16848fabf198744c0 Mon Sep 17 00:00:00 2001 From: "http://kerravonsen.dreamwidth.org/" Date: Tue, 15 Mar 2011 04:01:52 +0000 Subject: Can one enable Apache XBitHack? --- doc/forum/Apache_XBitHack.mdwn | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 doc/forum/Apache_XBitHack.mdwn diff --git a/doc/forum/Apache_XBitHack.mdwn b/doc/forum/Apache_XBitHack.mdwn new file mode 100644 index 000000000..9cadc73e1 --- /dev/null +++ b/doc/forum/Apache_XBitHack.mdwn @@ -0,0 +1,6 @@ +I'd like to be able to use the Apache XBitHack to enable Server Side Includes on my site. Yes, it is possible to enable SSI by setting the page extension to .shtml, and that is what I am doing at the moment. +However, the disadvantage of this approach is that the server does not give a LastModified header, which means that the content can't be cached. However, the way that I am using SSI is such that the main content of the page really is "last modified" when the page was last modified, so I'd like to be able to indicate that. And using the XBitHack - that is, setting the executable bit on the generated page - would enable me to do that. + +I gather from the [[security]] page that having the executable bit set on files is considered a security hole, but how big a hole would it be if I'm the only one editing the site? Is there a way, a somewhat safe way, of implementing XBitHack for IkiWiki? + +-- [[KathrynAndersen]] -- cgit v1.2.3 From aeb663a77734df9c4e88eb29fcd32a862a1aba35 Mon Sep 17 00:00:00 2001 From: "https://www.google.com/accounts/o8/id?id=AItOawmgCg984na5f7ef0FHyQQPaqXNXjfaq-Z4" Date: Wed, 16 Mar 2011 11:00:07 +0000 Subject: --- doc/examples/blog/posts/first_post.mdwn | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/examples/blog/posts/first_post.mdwn b/doc/examples/blog/posts/first_post.mdwn index 343497d18..f76df2f17 100644 --- a/doc/examples/blog/posts/first_post.mdwn +++ b/doc/examples/blog/posts/first_post.mdwn @@ -1,2 +1,4 @@ This is the first post to this example blog. To add new posts, just add files to the posts/ subdirectory, or use the web form. + +And is this ever edited again ? Looking for blog software and learning perl... -- cgit v1.2.3 From 70f646248821ebd608b65481d0f85fac8931f42e Mon Sep 17 00:00:00 2001 From: "https://www.google.com/accounts/o8/id?id=AItOawn8h6atTZOkH26yuHC4SdOmistFL_BMBEE" Date: Thu, 17 Mar 2011 19:18:17 +0000 Subject: --- doc/todo/pingback_support.mdwn | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/todo/pingback_support.mdwn b/doc/todo/pingback_support.mdwn index b10366bda..7b3b158ee 100644 --- a/doc/todo/pingback_support.mdwn +++ b/doc/todo/pingback_support.mdwn @@ -37,3 +37,5 @@ case I will consider this done with an entry in [[tips]]; otherwise a > whenever a page is posted or edited, and gets the changed content, it can > simply scan it for urls (may have to htmlize first?), and send pings to > all urls found. --[[Joey]] + +>> Is there any update on this? This would be highly useful and is the main reason why I am not using my blog more regularly, yet. (And yes, now that git-annex is doing everything I need and more, I thought I should revisit this one, as well). -- RichiH -- cgit v1.2.3