]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/log
git.ikiwiki.info.git
8 years agoimg: check magic number before giving common formats to ImageMagick
Simon McVittie [Thu, 5 May 2016 22:17:45 +0000 (23:17 +0100)]
img: check magic number before giving common formats to ImageMagick

This mitigates CVE-2016-3714 and similar vulnerabilities by
avoiding passing obviously-wrong input to ImageMagick decoders.

8 years agoimg: restrict to JPEG, PNG and GIF images by default
Simon McVittie [Wed, 4 May 2016 07:54:19 +0000 (08:54 +0100)]
img: restrict to JPEG, PNG and GIF images by default

This mitigates CVE-2016-3714. Wiki administrators who know that they
have prevented arbitrary code execution via other formats can re-enable
the other formats if desired.

8 years agoimg: force common Web formats to be interpreted according to extension
Simon McVittie [Wed, 4 May 2016 07:52:40 +0000 (08:52 +0100)]
img: force common Web formats to be interpreted according to extension

A site administrator might unwisely set allowed_attachments to
something like '*.jpg or *.png'; if they do, an attacker could attach,
for example, a SVG file named attachment.jpg.

This mitigates CVE-2016-3714.

8 years agoHTML-escape error messages (OVE-20160505-0012)
Simon McVittie [Wed, 4 May 2016 07:46:02 +0000 (08:46 +0100)]
HTML-escape error messages (OVE-20160505-0012)

The instance in cgierror() is a potential cross-site scripting attack,
because an attacker could conceivably cause some module to raise an
exception that includes attacker-supplied HTML in its message, for
example via a crafted filename. (OVE-20160505-0012)

The instances in preprocess() is just correctness. It is not a
cross-site scripting attack, because an attacker could equally well
write the desired HTML themselves; the sanitize hook is what
protects us from cross-site scripting here.

8 years agoall good
https://id.koumbit.net/anarcat [Wed, 4 May 2016 22:53:24 +0000 (18:53 -0400)]
all good

8 years ago(no commit message)
smcv [Wed, 4 May 2016 22:35:33 +0000 (18:35 -0400)]

8 years agoresponse: confirmation it's a bug in MMD and Discount doesn't have footnotes, and...
https://id.koumbit.net/anarcat [Wed, 4 May 2016 13:45:25 +0000 (09:45 -0400)]
response: confirmation it's a bug in MMD and Discount doesn't have footnotes, and request for workaround

8 years agodiscount (as used on this wiki) can do footnotes, but they aren't enabled by ikiwiki
smcv [Wed, 4 May 2016 09:48:01 +0000 (05:48 -0400)]
discount (as used on this wiki) can do footnotes, but they aren't enabled by ikiwiki

8 years agoresponse
smcv [Wed, 4 May 2016 09:38:27 +0000 (05:38 -0400)]
response

8 years agoresponse
Joey Hess [Mon, 2 May 2016 13:33:59 +0000 (09:33 -0400)]
response

8 years ago(no commit message)
https://id.koumbit.net/anarcat [Fri, 29 Apr 2016 04:32:02 +0000 (00:32 -0400)]

8 years agoresponse
https://id.koumbit.net/anarcat [Fri, 29 Apr 2016 00:13:05 +0000 (20:13 -0400)]
response

8 years agoMerge branch 'master' of ssh://git.ikiwiki.info
Joey Hess [Thu, 28 Apr 2016 23:34:51 +0000 (19:34 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info

8 years agoresponse
Joey Hess [Thu, 28 Apr 2016 23:32:58 +0000 (19:32 -0400)]
response

8 years agoMerge remote-tracking branch 'origin/master'
Joey Hess [Thu, 28 Apr 2016 23:06:01 +0000 (19:06 -0400)]
Merge remote-tracking branch 'origin/master'

8 years ago(no commit message)
https://id.koumbit.net/anarcat [Thu, 28 Apr 2016 14:12:52 +0000 (10:12 -0400)]

8 years agohttp/https issue
https://id.koumbit.net/anarcat [Thu, 28 Apr 2016 14:08:05 +0000 (10:08 -0400)]
http/https issue

8 years agosmaller is too small for large blocks
Antoine Beaupré [Tue, 26 Apr 2016 22:52:25 +0000 (18:52 -0400)]
smaller is too small for large blocks

8 years agofix typo and comment
Antoine Beaupré [Tue, 26 Apr 2016 22:50:47 +0000 (18:50 -0400)]
fix typo and comment

8 years agonew CSS bug
Antoine Beaupré [Tue, 26 Apr 2016 22:46:52 +0000 (18:46 -0400)]
new CSS bug

8 years agoexplain footnotes
https://id.koumbit.net/anarcat [Tue, 26 Apr 2016 22:35:20 +0000 (18:35 -0400)]
explain footnotes

8 years agoChanged the expired domain and added question
desci [Tue, 19 Apr 2016 02:08:50 +0000 (22:08 -0400)]
Changed the expired domain and added question

8 years agoFixed dead link.
RickHanson [Sun, 17 Apr 2016 23:38:12 +0000 (19:38 -0400)]
Fixed dead link.

8 years agoadd screenshot
Antoine Beaupré [Fri, 15 Apr 2016 22:11:29 +0000 (18:11 -0400)]
add screenshot

8 years agofix typos
Antoine Beaupré [Fri, 15 Apr 2016 21:31:53 +0000 (17:31 -0400)]
fix typos

8 years agoannounce the admonition plugin
Antoine Beaupré [Fri, 15 Apr 2016 21:29:44 +0000 (17:29 -0400)]
announce the admonition plugin

8 years agoelaborate copyright investigation. ugh.
Antoine Beaupré [Fri, 15 Apr 2016 16:29:25 +0000 (12:29 -0400)]
elaborate copyright investigation. ugh.

8 years agoresponse
Antoine Beaupré [Fri, 15 Apr 2016 15:17:02 +0000 (11:17 -0400)]
response

8 years agocan't login again
Antoine Beaupré [Fri, 15 Apr 2016 15:07:14 +0000 (11:07 -0400)]
can't login again

8 years agoescape
smcv [Fri, 15 Apr 2016 14:38:11 +0000 (10:38 -0400)]
escape

8 years agotemplates are another way to do this
smcv [Fri, 15 Apr 2016 14:37:43 +0000 (10:37 -0400)]
templates are another way to do this

8 years ago(no commit message)
smcv [Fri, 15 Apr 2016 14:34:33 +0000 (10:34 -0400)]

8 years agoa weird authentication bug
Antoine Beaupré [Fri, 15 Apr 2016 14:14:50 +0000 (10:14 -0400)]
a weird authentication bug

8 years agoadmonitions proposal
Antoine Beaupré [Fri, 15 Apr 2016 13:57:53 +0000 (09:57 -0400)]
admonitions proposal

8 years agoArguing more
desci [Fri, 15 Apr 2016 12:24:38 +0000 (08:24 -0400)]
Arguing more

8 years agoAdded systemd for nginx
desci [Fri, 15 Apr 2016 12:12:11 +0000 (08:12 -0400)]
Added systemd for nginx

8 years ago(no commit message)
desci [Thu, 14 Apr 2016 21:14:47 +0000 (17:14 -0400)]

8 years agoDocument new feature.
spalax [Thu, 14 Apr 2016 16:43:32 +0000 (12:43 -0400)]
Document new feature.

8 years agoclarify that theme and css is not only to change stylesheets, but the look in general
https://id.koumbit.net/anarcat [Wed, 13 Apr 2016 18:38:15 +0000 (14:38 -0400)]
clarify that theme and css is not only to change stylesheets, but the look in general

8 years agolink to localstyle after a user struggled for hours to figure out exactly that
https://id.koumbit.net/anarcat [Wed, 13 Apr 2016 18:37:22 +0000 (14:37 -0400)]
link to localstyle after a user struggled for hours to figure out exactly that

8 years agoexplain why multiple page.tmpl is a showstopper for upstream even if not for local...
smcv [Tue, 12 Apr 2016 06:00:21 +0000 (02:00 -0400)]
explain why multiple page.tmpl is a showstopper for upstream even if not for local themes

8 years ago(no commit message)
desci [Mon, 11 Apr 2016 15:05:45 +0000 (11:05 -0400)]

8 years agoUpdated link
desci [Mon, 11 Apr 2016 15:03:22 +0000 (11:03 -0400)]
Updated link

8 years agoUpdated link
desci [Mon, 11 Apr 2016 15:01:54 +0000 (11:01 -0400)]
Updated link

8 years agoEdited old sentence to reference the forum
desci [Mon, 11 Apr 2016 14:59:13 +0000 (10:59 -0400)]
Edited old sentence to reference the forum

8 years ago(no commit message)
desci [Mon, 11 Apr 2016 14:57:37 +0000 (10:57 -0400)]

8 years agoAsked Joey to reconsider
desci [Mon, 11 Apr 2016 14:21:24 +0000 (10:21 -0400)]
Asked Joey to reconsider

8 years agoAdded yet another bootstrap theme
desci [Mon, 11 Apr 2016 14:15:39 +0000 (10:15 -0400)]
Added yet another bootstrap theme

8 years agoAdded question
desci [Mon, 11 Apr 2016 14:12:17 +0000 (10:12 -0400)]
Added question

8 years agoThere's also a config file option.
spwhitton [Sat, 9 Apr 2016 14:48:54 +0000 (10:48 -0400)]
There's also a config file option.

8 years agoMarketing
desci [Sat, 9 Apr 2016 05:01:38 +0000 (01:01 -0400)]
Marketing

8 years agoDelivering what I've promised
desci [Sat, 9 Apr 2016 04:53:34 +0000 (00:53 -0400)]
Delivering what I've promised

8 years agoOk now I've got it right
desci [Sat, 9 Apr 2016 02:33:56 +0000 (22:33 -0400)]
Ok now I've got it right

8 years agoThe structure was all wrong
desci [Sat, 9 Apr 2016 02:31:38 +0000 (22:31 -0400)]
The structure was all wrong

8 years agoForgot to add the main folder
desci [Sat, 9 Apr 2016 02:29:02 +0000 (22:29 -0400)]
Forgot to add the main folder

8 years agoAdded two questions
desci [Sat, 9 Apr 2016 02:27:44 +0000 (22:27 -0400)]
Added two questions

8 years agoAdded a comment: Any chance on moving forward on this?
desci [Sat, 9 Apr 2016 00:21:45 +0000 (20:21 -0400)]
Added a comment: Any chance on moving forward on this?

8 years agotodo
Joey Hess [Sun, 3 Apr 2016 21:06:52 +0000 (17:06 -0400)]
todo

8 years agoadd missing </div>
Joey Hess [Sun, 3 Apr 2016 19:29:27 +0000 (15:29 -0400)]
add missing </div>

8 years agoExplanation of my part on the confusion
desci [Sun, 3 Apr 2016 17:15:17 +0000 (13:15 -0400)]
Explanation of my part on the confusion

8 years agoTried to fix considering http://ikiwiki.info/tips/bootstrap_themes_evaluation/
desci [Sun, 3 Apr 2016 17:11:48 +0000 (13:11 -0400)]
Tried to fix considering http://ikiwiki.info/tips/bootstrap_themes_evaluation/

8 years agoadded personal information
desci [Sun, 3 Apr 2016 15:47:08 +0000 (11:47 -0400)]
added personal information

8 years agoupdated sites list
desci [Sun, 3 Apr 2016 15:45:35 +0000 (11:45 -0400)]
updated sites list

8 years ago(no commit message)
kjs [Thu, 31 Mar 2016 21:39:07 +0000 (17:39 -0400)]

8 years agoNew inline's same as old, plus plugins/contrib/*.
Amitai Schlair [Tue, 22 Mar 2016 18:53:05 +0000 (14:53 -0400)]
New inline's same as old, plus plugins/contrib/*.

8 years agoRetry previous with more brain cells engaged.
Amitai Schlair [Tue, 22 Mar 2016 18:51:58 +0000 (14:51 -0400)]
Retry previous with more brain cells engaged.

8 years agoTry another inline with just tagged(reviewed).
Amitai Schlair [Tue, 22 Mar 2016 18:50:52 +0000 (14:50 -0400)]
Try another inline with just tagged(reviewed).

8 years agodescribe XSS issue
smcv [Tue, 22 Mar 2016 06:47:09 +0000 (02:47 -0400)]
describe XSS issue

8 years agobriefly describe XSS issue
smcv [Tue, 22 Mar 2016 06:45:03 +0000 (02:45 -0400)]
briefly describe XSS issue

8 years agonew bug
Antoine Beaupré [Mon, 21 Mar 2016 23:24:53 +0000 (19:24 -0400)]
new bug

8 years agoadd my modifications to bootstrap
Antoine Beaupré [Mon, 21 Mar 2016 23:13:55 +0000 (19:13 -0400)]
add my modifications to bootstrap

8 years agofix links
Antoine Beaupré [Mon, 21 Mar 2016 23:12:56 +0000 (19:12 -0400)]
fix links

8 years agorespond
Antoine Beaupré [Mon, 21 Mar 2016 23:05:15 +0000 (19:05 -0400)]
respond

8 years agoreview
smcv [Mon, 21 Mar 2016 23:01:22 +0000 (19:01 -0400)]
review

8 years agomove discussion points to Discussion
smcv [Mon, 21 Mar 2016 22:34:51 +0000 (18:34 -0400)]
move discussion points to Discussion

8 years agocopy from main page
smcv [Mon, 21 Mar 2016 22:34:40 +0000 (18:34 -0400)]
copy from main page

8 years agotag as patch, reviewed
smcv [Mon, 21 Mar 2016 22:29:43 +0000 (18:29 -0400)]
tag as patch, reviewed

8 years agoreview
smcv [Mon, 21 Mar 2016 22:29:11 +0000 (18:29 -0400)]
review

8 years ago(no commit message)
smcv [Mon, 21 Mar 2016 22:08:18 +0000 (18:08 -0400)]

8 years agocompatible_templates.mdwn: Fix typesetting
Richard Hartmann [Mon, 21 Mar 2016 18:50:54 +0000 (11:50 -0700)]
compatible_templates.mdwn: Fix typesetting

8 years agoAdd compatible_templates.mdwn
Richard Hartmann [Mon, 21 Mar 2016 18:49:45 +0000 (11:49 -0700)]
Add compatible_templates.mdwn

8 years ago(no commit message)
guus@6397333e354c5b8b4968fcb878ef28311937644e [Sat, 19 Mar 2016 20:40:12 +0000 (16:40 -0400)]

8 years agoCorrectly handle filenames starting with a dash in add/rm/mv.
Florian Wagner [Thu, 17 Mar 2016 11:20:30 +0000 (12:20 +0100)]
Correctly handle filenames starting with a dash in add/rm/mv.

8 years agoThis reverts commit 4712595e6304cc224b2dfdbb1cfe9f2e61bed371
smcv [Mon, 14 Mar 2016 11:03:39 +0000 (07:03 -0400)]
This reverts commit 4712595e6304cc224b2dfdbb1cfe9f2e61bed371

8 years agorevert test commit outside sandbox
smcv [Mon, 14 Mar 2016 11:03:00 +0000 (07:03 -0400)]
revert test commit outside sandbox

This reverts commit cc5ad8efcd9378b114a51511b548779b2000e50d

8 years ago(no commit message)
freij [Sun, 13 Mar 2016 19:36:27 +0000 (15:36 -0400)]

8 years ago(no commit message)
freij [Sun, 13 Mar 2016 19:36:13 +0000 (15:36 -0400)]

8 years ago(no commit message)
freij [Sun, 13 Mar 2016 19:35:05 +0000 (15:35 -0400)]

8 years agonothing
public [Sun, 13 Mar 2016 15:22:16 +0000 (11:22 -0400)]
nothing

8 years ago(no commit message)
typoofcem@3652758f4d569c41881c7b9db70c96e56ddaf4c4 [Sat, 12 Mar 2016 20:58:27 +0000 (16:58 -0400)]

8 years ago(no commit message)
holger [Sat, 12 Mar 2016 15:35:49 +0000 (11:35 -0400)]

8 years ago(no commit message)
holger [Sat, 12 Mar 2016 15:32:35 +0000 (11:32 -0400)]

8 years ago(no commit message)
https://openid.stackexchange.com/user/a97e1fd8-1219-421c-8a46-18e04f1e1936 [Fri, 11 Mar 2016 22:12:57 +0000 (18:12 -0400)]

8 years agoAdded a comment: You'll need a web server, and don't run ikiwiki as root
smcv [Fri, 11 Mar 2016 20:39:35 +0000 (16:39 -0400)]
Added a comment: You'll need a web server, and don't run ikiwiki as root

8 years agofix formatting
smcv [Fri, 11 Mar 2016 20:31:10 +0000 (16:31 -0400)]
fix formatting

8 years agocomment
Joey Hess [Fri, 11 Mar 2016 15:44:53 +0000 (11:44 -0400)]
comment

8 years ago(no commit message)
holger [Fri, 11 Mar 2016 15:29:56 +0000 (11:29 -0400)]

8 years agothanks
mx.david.rix@3bf9592fa655d6681eedf8add3d3b830d00a40d3 [Fri, 11 Mar 2016 09:31:20 +0000 (05:31 -0400)]
thanks

8 years agoThis reverts commit c4d0086bd39e3dd5b8a9b240971c2ed2830304dc
smcv [Fri, 11 Mar 2016 09:17:51 +0000 (05:17 -0400)]
This reverts commit c4d0086bd39e3dd5b8a9b240971c2ed2830304dc

8 years ago(no commit message)
xiongbao [Fri, 11 Mar 2016 03:30:21 +0000 (23:30 -0400)]