I installed the rails_xss plugin, for
the main purpose of seeing what will
break with Rails 3.0 (where the behaviour
of the plugin is the default). I think
I've fixed everything, but let me know if you
see stuff that is HTML-escaped, which
shouldn't be.
As a side benefit, we now use Erubis,
rather than ERB, to render templates.
They tell me it's faster ...
Under Ruby 1.9, could not delete orphan
pages with utf-8 names. They would be
listed as orphan, but "Delete Orphan Pages"
would silently not delete them.
Fixed.
... is to settle these encoding issues
once and for all.
Let's override the accessor methods, which
seems to offer a simpler solution.
Now with tests (for whatever that helps)...
The default encoding in MySQL is latin1. Ruby 1.9
is a stickler about the encoding of a sequence of bytes.
In this case, a utf8 page name stored in the database comes
back as "ASCII-8BIT" (ie, binary). Coerce that back to utf8.
This doesn't affect SQLite3, and it doesn't affect Ruby 1.8.
It doesn't even affect MySQL databases with "utf8" encoding
(though that has other issues, since MySQL's utf8 support is
broken).
There are probably other, similar problems lurking.
Web#files_path and Web#blatex_pngs_path now return Pathname objects.
Based on JHerdman's
5d1e8f420b
but requires several other changes to the code (which assumed a string).
Also, test for itex2MML 1.3.10 (you should update that too).
Added the ability to rename existing pages.
[[!redirects Some Page Name]] redirects Wikilinks [[Some Page Name]] to
the current page (assuming "Some Page Name" does not exist).
Real pages trump redirects (though this may change, depending on
user feedback).
On Webs with file uploads enabled, uploaded files were stored
(in version 0.16.1 and earlier) in the public/ directory.
This was a security threat. A miscreant could upload a .html file.
When a user clicked on the link to the file, it was opened (unsanitized)
in the browser.
As of version 0.16.2, uploaded files are stored in the webs/
directory. Now, when the user clicks on the link, the file is sent
with the
Content-Disposition: attachment
header set, which causes the file to be downloaded, rather than opened
in the browser. As always, files downloaded from the internets should be
treated with caution. At least, this way, they are not aoutomatically
opened in the browser.
To move your existing uploaded files to the new location, do a
rake upgrade_instiki
For the file_list action, include the pages which link to the given file(s).
This required rejiggering so that that information is actually retained in the database.
Unfortunately, you'll actually need to revise the page(s) in question, because that's the
only time this information is updated in the database.
Deleting a page removes all revisions of that page.
Deleting a Web removes all pages (and all revisions thereof)
and all wiki_files belonging to that Web.
The file upload dialog asks for a description of the image or file to be uploaded. Use this as the default alt-text for the image and as a title attribute for a file link.
This works fine with the default Webrick. But, if you're running under Mongrel (say), you probably
want to customize this in config/environments/production.rb .
Jacques Distler
Jason R. Blevins