+ikiwiki (1.49) UNRELEASED; urgency=low
+
+ [ Joey Hess ]
+ * Add --post-commit option, which allows for the case of a split web server
+ and RCS server (or a push mirror). With this the RCS server can have a
+ real post-commit hook that sshs back to the web server, and runs ikiwiki
+ in post-commit mode to update the wiki.
+ * Fix urls generated by mirrorlist plugin.
+ * Add a templates page to the basewiki. It will automatically list all
+ available templates. Rename the old templates page to wikitemplates.
+ * Include the note template in the basewiki.
+ * Add a popup template in the basewiki. CSS based on some by Martin Krafft.
+ * Make the note, popup, and plugin templates detect missing variables and be
+ self-documenting, listing the available variables.
+ * Hide excess backlinks and expand using CSS trick; control quantiy via
+ the numbacklinks setting.
+ * Finally apply the index.html patch, with thanks to everyone who worked
+ on and supported creating it (especially Tumov). This adds a "usedirs"
+ option that makes ikiwiki use foo/index.html instead of foo.html as
+ output page names. It is not yet enabled by default.
+ * Fix a bug in the img plugin that caused thumbnailed files to not be
+ tracked properly.
+ * Make the OpenID library a reccommendation of the Debian package, rather
+ than just a suggests, since OpenID is enabled by default.
+ * Fix a bug that caused link(foo) to succeed if page foo did not exist.
+ * Fix tags to page names that contain special characters.
+
+ [ Josh Triplett ]
+ * Use pngcrush and optipng on all PNG files.
+ * Add neutral smileys ":|" and ":-|", and question icon smiley "(?)",
+ with images taken from phpBB (GPL) and converted with gif2png.
+ * Improvements to Description in debian/control:
+ * Note that some plugins have additional dependencies, found among the
+ Recommends and Suggests.
+ * ikiwiki supports both RSS and Atom feeds.
+ * Fix typos.
+ * Add Homepage field.
+ * Add XS-Vcs-Browser field.
+
+ -- Joey Hess <joeyh@debian.org> Thu, 05 Apr 2007 20:09:26 -0700
+
+ikiwiki (1.48) unstable; urgency=low
+
+ * Fix link() PageSpecs to not just look at the raw link text, but at where
+ that given link points based on the page doing the linking. Note that this
+ could make such PageSpecs match different things than before, if you
+ relied on the old behavior of them only matching the raw link text.
+ * This required changing the match_* interface, adding a third parameter.
+ * Allow link() PageSpecs to match relative, as is allowed with globs.
+ * Add postform option to inline plugin.
+ * Add an bug tracker to the softwaresite example.
+ * Make ikiwiki's stylesheet support printing by hiding parts of the page
+ that shouldn't appear in a printout: Search box, actions bar,
+ blog post form, tags, backlinks, and feed buttons.
+ * Finally fixed the longstanding inline removal bug.
+ * Renamed %oldpagemtime to a more accurately named %pagemtime and fix it to
+ actually store pages' mtimes.
+ * Add "mtime" sort parameter to inline plugin.
+ * Fix mercurial backend to deal with empty commit messages.
+
+ -- Joey Hess <joeyh@debian.org> Sat, 24 Mar 2007 11:14:10 -0400
+
+ikiwiki (1.47) unstable; urgency=low
+
+ * Fix a security hole that allowed insertion of unsafe content via the meta
+ plugins's support for inserting html link and meta tags. Now such content
+ is passed through the htmlscrubber like everything else.
+ * Unfortunatly, that means that some valid uses of those tags are no longer
+ usable, and special case methods needed to be added for including
+ stylesheets, and for doing openid delegation. If you use either of these
+ in your wiki, it will need to be modified. See the meta plugin docs
+ for details.
+
+ -- Joey Hess <joeyh@debian.org> Wed, 21 Mar 2007 14:05:00 -0400
+
ikiwiki (1.46) unstable; urgency=low
* Fix a bug with inlined create page links, including Discussion links on
same time, and let the second person resolve the conflict.
* Applied a patch from MichaĆ to make the mercurial backend pass --quiet to
hg.
- * Fix a few bugs around page titles containing html. The worst of these
- is an actual security hole as it allows insertion of html into the title
- element of a page, which is not processed by the htmlscrubber.
+ * Fix a security hole that allowed a web user to insert arbitrary html in
+ the title of a page due to missing escaping of titles in the meta plugin.
-- Joey Hess <joeyh@debian.org> Wed, 21 Mar 2007 01:51:30 -0400