]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/log
git.ikiwiki.info.git
10 years ago(no commit message)
https://www.google.com/accounts/o8/id?id=AItOawkwqKsWfFCk-NK99S77R2v1JorVCnpzXUA [Fri, 7 Nov 2014 15:53:35 +0000 (11:53 -0400)]

10 years ago(no commit message)
https://www.google.com/accounts/o8/id?id=AItOawkwqKsWfFCk-NK99S77R2v1JorVCnpzXUA [Fri, 7 Nov 2014 15:48:08 +0000 (11:48 -0400)]

10 years agoMerge branch 'master' of ssh://git.ikiwiki.info
Joey Hess [Thu, 6 Nov 2014 19:02:32 +0000 (15:02 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info

10 years agoopenid: Stop suppressing the email field on the Preferences page.
Joey Hess [Thu, 6 Nov 2014 19:00:09 +0000 (15:00 -0400)]
openid: Stop suppressing the email field on the Preferences page.

This is needed for notifyemail, and not all openid providers report an
email address, or necessarily the one the user wants to get email.

10 years agoFixes perl-magick link #2
https://www.google.com/accounts/o8/id?id=AItOawndltpDNFSfEZBR_TIcjeDQRkuuyT1e_3o [Thu, 6 Nov 2014 09:33:25 +0000 (05:33 -0400)]
Fixes perl-magick link #2

10 years agoFixes perl-magick link
https://www.google.com/accounts/o8/id?id=AItOawndltpDNFSfEZBR_TIcjeDQRkuuyT1e_3o [Thu, 6 Nov 2014 09:32:09 +0000 (05:32 -0400)]
Fixes perl-magick link

10 years agotypos
spalax [Mon, 27 Oct 2014 09:53:17 +0000 (05:53 -0400)]
typos

10 years agoHow signinview handles the goto leak
http://anastigmatix.net/ [Sat, 25 Oct 2014 16:55:46 +0000 (12:55 -0400)]
How signinview handles the goto leak

10 years agoAnswer
spalax [Sat, 25 Oct 2014 16:17:16 +0000 (12:17 -0400)]
Answer

10 years agodo=goto leaks page existence
http://anastigmatix.net/ [Fri, 24 Oct 2014 23:45:23 +0000 (19:45 -0400)]
do=goto leaks page existence

10 years agoPatch submitted for contrib/ymlfront sticky-metadata issue.
http://anastigmatix.net/ [Fri, 24 Oct 2014 23:20:13 +0000 (19:20 -0400)]
Patch submitted for contrib/ymlfront sticky-metadata issue.

10 years agoUpdate comment
fr33domlover [Fri, 24 Oct 2014 10:19:54 +0000 (06:19 -0400)]
Update comment

10 years agoCommand on compile plugin
fr33domlover [Fri, 24 Oct 2014 10:11:56 +0000 (06:11 -0400)]
Command on compile plugin

10 years agoFeeling out how to present patch for review
http://anastigmatix.net/ [Fri, 24 Oct 2014 00:40:35 +0000 (20:40 -0400)]
Feeling out how to present patch for review

10 years agoMerge branch 'master' of ssh://git.ikiwiki.info
Joey Hess [Thu, 23 Oct 2014 17:56:21 +0000 (13:56 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info

10 years agofile bug
Joey Hess [Thu, 23 Oct 2014 17:55:29 +0000 (13:55 -0400)]
file bug

10 years agoForgot download link
spalax [Thu, 23 Oct 2014 14:40:14 +0000 (10:40 -0400)]
Forgot download link

10 years agoTypos...
fr33domlover [Thu, 23 Oct 2014 11:16:26 +0000 (07:16 -0400)]
Typos...

10 years ago(no commit message)
fr33domlover [Thu, 23 Oct 2014 11:15:55 +0000 (07:15 -0400)]

10 years ago(no commit message)
fr33domlover [Thu, 23 Oct 2014 11:15:27 +0000 (07:15 -0400)]

10 years agowishlist: ask about using ikiwiki as ML
fr33domlover [Thu, 23 Oct 2014 11:14:16 +0000 (07:14 -0400)]
wishlist: ask about using ikiwiki as ML

10 years agowishlist
fr33domlover [Thu, 23 Oct 2014 11:13:19 +0000 (07:13 -0400)]
wishlist

10 years agoAdded a comment
smcv [Thu, 23 Oct 2014 08:06:51 +0000 (04:06 -0400)]
Added a comment

10 years agoAdded a comment
smcv [Thu, 23 Oct 2014 07:57:40 +0000 (03:57 -0400)]
Added a comment

10 years agoAdded a comment
openmedi [Wed, 22 Oct 2014 22:01:43 +0000 (18:01 -0400)]
Added a comment

10 years agoAdded a comment
fr33domlover [Wed, 22 Oct 2014 16:46:02 +0000 (12:46 -0400)]
Added a comment

10 years agoNew wishlist item - put /tags page in the basewiki?
fr33domlover [Wed, 22 Oct 2014 08:20:00 +0000 (11:20 +0300)]
New wishlist item - put /tags page in the basewiki?

10 years ago(no commit message)
openmedi [Tue, 21 Oct 2014 01:11:53 +0000 (21:11 -0400)]

10 years ago(no commit message)
openmedi [Tue, 21 Oct 2014 01:00:30 +0000 (21:00 -0400)]

10 years agoHadn't listed any drawbacks for the FastCGI Authorizer idea.
http://anastigmatix.net/ [Mon, 20 Oct 2014 23:58:54 +0000 (19:58 -0400)]
Hadn't listed any drawbacks for the FastCGI Authorizer idea.

10 years agoReview request for: Let plugins influence what environment variables a wrapper will...
http://anastigmatix.net/ [Mon, 20 Oct 2014 23:07:13 +0000 (19:07 -0400)]
Review request for: Let plugins influence what environment variables a wrapper will preserve

10 years agoFix dangling link to branch I deleted after merge. Link instead to merged commits...
http://anastigmatix.net/ [Mon, 20 Oct 2014 22:39:55 +0000 (18:39 -0400)]
Fix dangling link to branch I deleted after merge.  Link instead to merged commits in ikiwiki repo.

10 years agoAdd ikiwiki-comment to shebang_scripts.
Amitai Schlair [Mon, 20 Oct 2014 18:20:41 +0000 (14:20 -0400)]
Add ikiwiki-comment to shebang_scripts.

10 years agoAdd missing build-depends on libcgi-formbuilder-perl, needed for t/relativity.t
Joey Hess [Mon, 20 Oct 2014 16:28:54 +0000 (12:28 -0400)]
Add missing build-depends on libcgi-formbuilder-perl, needed for t/relativity.t

10 years agoadd ikiwiki-comment program
Joey Hess [Mon, 20 Oct 2014 16:08:07 +0000 (12:08 -0400)]
add ikiwiki-comment program

10 years agobit on how inlinability isn't only bad
http://anastigmatix.net/ [Sun, 19 Oct 2014 21:48:47 +0000 (17:48 -0400)]
bit on how inlinability isn't only bad

10 years agoAdd link to the proposed wrapper generation patch
http://anastigmatix.net/ [Sun, 19 Oct 2014 21:37:46 +0000 (17:37 -0400)]
Add link to the proposed wrapper generation patch

10 years agoinitial description of signinview plugin
http://anastigmatix.net/ [Sun, 19 Oct 2014 21:07:15 +0000 (17:07 -0400)]
initial description of signinview plugin

10 years agomore on caching behavior
http://anastigmatix.net/ [Sun, 19 Oct 2014 18:40:02 +0000 (14:40 -0400)]
more on caching behavior

10 years agomake formatting more consistent
http://anastigmatix.net/ [Sun, 19 Oct 2014 18:17:03 +0000 (14:17 -0400)]
make formatting more consistent

10 years agodiscuss zoned-ikiwiki implementation approaches, including signinview plugin
http://anastigmatix.net/ [Sun, 19 Oct 2014 18:12:11 +0000 (14:12 -0400)]
discuss zoned-ikiwiki implementation approaches, including signinview plugin

10 years agoit helps to distinguish some use cases
http://anastigmatix.net/ [Sun, 19 Oct 2014 17:32:52 +0000 (13:32 -0400)]
it helps to distinguish some use cases

10 years agoalso search
Amitai Schlair [Sun, 19 Oct 2014 17:13:07 +0000 (13:13 -0400)]
also search

10 years agostart fleshing out "things that make zoned ikiwiki hard"
http://anastigmatix.net/ [Sun, 19 Oct 2014 17:09:33 +0000 (13:09 -0400)]
start fleshing out "things that make zoned ikiwiki hard"

10 years agosign previous
Amitai Schlair [Sun, 19 Oct 2014 17:08:13 +0000 (13:08 -0400)]
sign previous

10 years agoMatch word boundary (think "/usr/bin/perl5.18").
Amitai Schlair [Sun, 19 Oct 2014 16:59:53 +0000 (12:59 -0400)]
Match word boundary (think "/usr/bin/perl5.18").

10 years ago(no commit message)
https://www.google.com/accounts/o8/id?id=AItOawlGzzISNi9sKsbbqyRjCZEecyypgaFV56U [Sun, 19 Oct 2014 16:04:48 +0000 (12:04 -0400)]

10 years ago[patch], patch
https://www.google.com/accounts/o8/id?id=AItOawlGzzISNi9sKsbbqyRjCZEecyypgaFV56U [Sun, 19 Oct 2014 16:04:02 +0000 (12:04 -0400)]
[patch], patch

10 years agoAdded a comment
openmedi [Fri, 17 Oct 2014 17:23:13 +0000 (13:23 -0400)]
Added a comment

10 years agoRemove space from perl shebang path.
Amitai Schlair [Fri, 17 Oct 2014 13:05:00 +0000 (09:05 -0400)]
Remove space from perl shebang path.

10 years agoDisambiguate myself a bit (like that's needed).
Amitai Schlair [Fri, 17 Oct 2014 01:51:18 +0000 (21:51 -0400)]
Disambiguate myself a bit (like that's needed).

10 years agoreformat
Simon McVittie [Fri, 17 Oct 2014 00:07:50 +0000 (01:07 +0100)]
reformat

10 years agonews
Simon McVittie [Fri, 17 Oct 2014 00:01:53 +0000 (01:01 +0100)]
news

10 years agoMerge remote-tracking branch 'refs/remotes/dgit/dgit/sid' 3.20141016 debian/3.20141016
Simon McVittie [Thu, 16 Oct 2014 23:02:33 +0000 (00:02 +0100)]
Merge remote-tracking branch 'refs/remotes/dgit/dgit/sid'

10 years agorelease
Simon McVittie [Thu, 16 Oct 2014 22:28:35 +0000 (23:28 +0100)]
release

10 years agodebian: fix some wrong paths in the copyright file
Simon McVittie [Thu, 16 Oct 2014 22:28:23 +0000 (23:28 +0100)]
debian: fix some wrong paths in the copyright file

10 years agodebian: rename debian/link to debian/links so the intended symlinks appear
Simon McVittie [Thu, 16 Oct 2014 22:04:11 +0000 (23:04 +0100)]
debian: rename debian/link to debian/links so the intended symlinks appear

10 years agoclose a bug
Simon McVittie [Thu, 16 Oct 2014 22:03:48 +0000 (23:03 +0100)]
close a bug

10 years agoDrop unused python-support dependency
Simon McVittie [Thu, 16 Oct 2014 21:48:09 +0000 (22:48 +0100)]
Drop unused python-support dependency

10 years agochangelog so far
Simon McVittie [Thu, 16 Oct 2014 21:44:29 +0000 (22:44 +0100)]
changelog so far

10 years agobuild-depend on libcgi-pm-perl too, for tests
Simon McVittie [Thu, 16 Oct 2014 21:40:52 +0000 (22:40 +0100)]
build-depend on libcgi-pm-perl too, for tests

10 years agoExplicitly depend on CGI.pm, which is no longer in Perl core
Simon McVittie [Thu, 16 Oct 2014 08:45:36 +0000 (09:45 +0100)]
Explicitly depend on CGI.pm, which is no longer in Perl core

I was going to depend on the version that has CGI->param_fetch,
but that has been supported since 2.37, which is older than oldstable.

10 years agoIkiWiki::Plugin::openid: as a precaution, do not call non-coderefs
Amitai Schlair [Wed, 15 Oct 2014 22:52:43 +0000 (23:52 +0100)]
IkiWiki::Plugin::openid: as a precaution, do not call non-coderefs

We're running under "use strict" here, so if CGI->param's array-context
misbehaviour passes an extra non-ref parameter, it shouldn't be executed
anyway... but it's as well to be safe.

[commit message added by smcv]

10 years agoCall CGI->param_fetch instead of CGI->param in array context
Amitai Schlair [Wed, 15 Oct 2014 21:32:02 +0000 (22:32 +0100)]
Call CGI->param_fetch instead of CGI->param in array context

CGI->param has the misfeature that it is context-sensitive, and in
particular can expand to more than one scalar in function calls.
This led to a security vulnerability in Bugzilla, and recent versions
of CGI.pm will warn when it is used in this way.

In the situations where we do want to cope with more than one parameter
of the same name, CGI->param_fetch (which always returns an
array-reference) makes the intention clearer.

[commit message added by smcv]

10 years agoMake sure we do not pass multiple CGI parameters in function calls
Simon McVittie [Sat, 11 Oct 2014 08:28:22 +0000 (09:28 +0100)]
Make sure we do not pass multiple CGI parameters in function calls

When CGI->param is called in list context, such as in function
parameters, it expands to all the potentially multiple values
of the parameter: for instance, if we parse query string a=b&a=c&d=e
and call func($cgi->param('a')), that's equivalent to func('b', 'c').
Most of the functions we're calling do not expect that.

I do not believe this is an exploitable security vulnerability in
ikiwiki, but it was exploitable in Bugzilla.

10 years agoAdded a comment: It was an Apache problem...
https://www.google.com/accounts/o8/id?id=AItOawk8U772S3jDrZJCO0WA5WaDLjJv5mMl6Yw [Thu, 16 Oct 2014 14:57:26 +0000 (10:57 -0400)]
Added a comment: It was an Apache problem...

10 years agobranch
smcv [Thu, 16 Oct 2014 12:11:52 +0000 (08:11 -0400)]
branch

10 years agocomment
smcv [Thu, 16 Oct 2014 11:52:05 +0000 (07:52 -0400)]
comment

10 years agoEmit vestigial xmlns so people can still pass ikiwiki output through XSLT
Simon McVittie [Thu, 16 Oct 2014 10:25:28 +0000 (11:25 +0100)]
Emit vestigial xmlns so people can still pass ikiwiki output through XSLT

10 years agoWe no longer have a test for DTD-valid XHTML 1.0, but at least check well-formedness
Simon McVittie [Thu, 16 Oct 2014 10:25:10 +0000 (11:25 +0100)]
We no longer have a test for DTD-valid XHTML 1.0, but at least check well-formedness

This means that people can do XSLT nonsense if they want to.

The failures are currently marked TODO because not everything in the
docwiki is in fact well-formed.

10 years agoRemove now-redundant test-cases for a non-default html5 setting
Simon McVittie [Thu, 16 Oct 2014 10:08:01 +0000 (11:08 +0100)]
Remove now-redundant test-cases for a non-default html5 setting

10 years agoNow that we're always using HTML5, <base href> can be relative
Simon McVittie [Thu, 16 Oct 2014 10:05:19 +0000 (11:05 +0100)]
Now that we're always using HTML5, <base href> can be relative

10 years agoAlways produce HTML5 doctype and new attributes, but not new elements
Simon McVittie [Thu, 16 Oct 2014 10:04:53 +0000 (11:04 +0100)]
Always produce HTML5 doctype and new attributes, but not new elements

According to caniuse.com, a significant fraction of Web users are
still using Internet Explorer versions that do not support HTML5
sectioning elements. However, claiming we're XHTML 1.0 Strict
means we can't use features invented in the last 12 years, even if
they degrade gracefully in older browsers (like the role and placeholder
attributes).

This means our output is no longer valid according to any particular
DTD. Real browsers and other non-validator user-agents have never
cared about DTD compliance anyway, so I don't think this is a real loss.

10 years agoReplace PayPal and Flattr buttons with text links
Simon McVittie [Wed, 15 Oct 2014 20:56:11 +0000 (21:56 +0100)]
Replace PayPal and Flattr buttons with text links

In particular, this avoids loading third-party resources from the
offline documentation (see
<https://lintian.debian.org/tags/privacy-breach-donation.html>).

10 years agomention pagespec_alias patches
http://anastigmatix.net/ [Thu, 16 Oct 2014 02:53:41 +0000 (22:53 -0400)]
mention pagespec_alias patches

10 years agoAdded a comment
smcv [Wed, 15 Oct 2014 23:30:22 +0000 (19:30 -0400)]
Added a comment

10 years agoAdded a comment
smcv [Wed, 15 Oct 2014 23:26:52 +0000 (19:26 -0400)]
Added a comment

10 years agoAdded a comment
openmedi [Wed, 15 Oct 2014 18:49:16 +0000 (14:49 -0400)]
Added a comment

10 years agoAdded a comment
https://www.google.com/accounts/o8/id?id=AItOawlcaGfdn9Kye1Gc8aGb67PDVQW4mKbQD7E [Wed, 15 Oct 2014 13:43:25 +0000 (09:43 -0400)]
Added a comment

10 years agoAdded a comment
openmedi [Wed, 15 Oct 2014 12:33:40 +0000 (08:33 -0400)]
Added a comment

10 years ago(no commit message)
https://www.google.com/accounts/o8/id?id=AItOawmbuZI4n1RsTe3Yeaqb5F-yhtR7a8BWEIE [Wed, 15 Oct 2014 04:18:10 +0000 (00:18 -0400)]

10 years agoas usual, macports hasn't moved
Amitai Schlair [Tue, 14 Oct 2014 22:46:41 +0000 (18:46 -0400)]
as usual, macports hasn't moved

10 years agoAdded a comment
https://www.google.com/accounts/o8/id?id=AItOawlcaGfdn9Kye1Gc8aGb67PDVQW4mKbQD7E [Tue, 14 Oct 2014 22:41:59 +0000 (18:41 -0400)]
Added a comment

10 years ago(no commit message)
https://www.google.com/accounts/o8/id?id=AItOawlobQ5j7hQVIGkwMWW3yKB_DWqthJcpnsQ [Tue, 14 Oct 2014 22:31:11 +0000 (18:31 -0400)]

10 years agoAdded a comment
https://www.google.com/accounts/o8/id?id=AItOawlcaGfdn9Kye1Gc8aGb67PDVQW4mKbQD7E [Tue, 14 Oct 2014 22:25:13 +0000 (18:25 -0400)]
Added a comment

10 years agoone report suffices; not yet clear there's a bug
Amitai Schlair [Tue, 14 Oct 2014 22:19:09 +0000 (18:19 -0400)]
one report suffices; not yet clear there's a bug

10 years ago(no commit message)
https://www.google.com/accounts/o8/id?id=AItOawk8U772S3jDrZJCO0WA5WaDLjJv5mMl6Yw [Tue, 14 Oct 2014 13:46:55 +0000 (09:46 -0400)]

10 years ago(no commit message)
https://www.google.com/accounts/o8/id?id=AItOawk8U772S3jDrZJCO0WA5WaDLjJv5mMl6Yw [Tue, 14 Oct 2014 13:20:24 +0000 (09:20 -0400)]

10 years agoclarify
Amitai Schlair [Mon, 13 Oct 2014 20:21:15 +0000 (16:21 -0400)]
clarify

10 years agofindings and questions
Amitai Schlair [Mon, 13 Oct 2014 20:13:11 +0000 (16:13 -0400)]
findings and questions

10 years agoDo not pass ignored sid parameter to checksessionexpiry
Simon McVittie [Sat, 11 Oct 2014 08:28:02 +0000 (09:28 +0100)]
Do not pass ignored sid parameter to checksessionexpiry

checksessionexpiry's signature changed from
(CGI::Session, CGI->param('sid')) to (CGI, CGI::Session) in commit
985b229b, but editpage still passed the sid as a useless third
parameter, and this was later cargo-culted into remove, rename and
recentchanges.

10 years agocomments: don't log remote IP address for signed-in users
Simon McVittie [Sun, 12 Oct 2014 17:03:28 +0000 (18:03 +0100)]
comments: don't log remote IP address for signed-in users

The intention was that signed-in users (for instance via httpauth,
passwordauth or openid) are already adequately identified, but
there's nothing to indicate who an anonymous commenter is unless
their IP address is recorded.

10 years agogoogle search plugin: use https for the search
Simon McVittie [Sun, 12 Oct 2014 16:57:14 +0000 (17:57 +0100)]
google search plugin: use https for the search

10 years agodefault User-Agent changed
smcv [Sun, 12 Oct 2014 16:49:24 +0000 (12:49 -0400)]
default User-Agent changed

10 years agoSet default User-Agent to something that doesn't mention libwww-perl
Simon McVittie [Sat, 11 Oct 2014 08:43:34 +0000 (09:43 +0100)]
Set default User-Agent to something that doesn't mention libwww-perl

It appears that both the open-source and proprietary rulesets for
ModSecurity default to blacklisting requests that say they are
from libwww-perl, presumably because some script kiddies use libwww-perl
and are too inept to set a User-Agent that is "too big to blacklist",
like Chrome or the iPhone browser or something. This seems doomed to
failure but whatever.

10 years agoremoved
smcv [Sun, 12 Oct 2014 16:43:14 +0000 (12:43 -0400)]
removed

10 years agoAdded a comment
smcv [Sun, 12 Oct 2014 16:42:54 +0000 (12:42 -0400)]
Added a comment

10 years agohelp Markdown make a list
Amitai Schlair [Sun, 12 Oct 2014 16:42:13 +0000 (12:42 -0400)]
help Markdown make a list

10 years agoAdded a comment: fixed in a recent release, I think
https://www.google.com/accounts/o8/id?id=AItOawlcaGfdn9Kye1Gc8aGb67PDVQW4mKbQD7E [Sun, 12 Oct 2014 16:40:18 +0000 (12:40 -0400)]
Added a comment: fixed in a recent release, I think

10 years ago(no commit message)
openmedi [Sun, 12 Oct 2014 16:06:59 +0000 (12:06 -0400)]