Commit graph

527 commits

Author SHA1 Message Date
Matthias Tarasiewicz 21b848c70e tagged 0.13 2008-03-17 15:07:27 +00:00
Jacques Distler 503f956084 Fix Two XSS Vulnerabilities
Unescaped page names (in 'edit' and 'new' views).
Unsanitized HTTP_CLIENT_IP header.
2008-03-14 23:22:46 +00:00
Jacques Distler ab63a21ccd Fix Rails 1.2.5 deprecation warnings. 2007-10-15 19:12:36 +00:00
Matthias Tarasiewicz 2c8a3ec4d7 added instiki.bat for older windows versions 2007-10-15 07:08:45 +00:00
Matthias Tarasiewicz 7298fe97d2 updated trunk to rails 1.2.5 2007-10-15 07:05:58 +00:00
Matthias Tarasiewicz 69b9c77482 documentation updates 2007-10-15 06:45:51 +00:00
Matthias Tarasiewicz 5e095d59cb finally removed pdf and latex export which caused the export button to fail with mongrel. PDF export will be added later on without pdflatex. 2007-10-14 14:11:37 +00:00
Matthias Tarasiewicz 806a1fc682 added /tmp folder plus structure to make instiki work with mongrel_cluster 2007-10-09 15:13:22 +00:00
Jacques Distler 5cbdccec2a MIME-Types for WEBrick 2007-10-08 04:16:31 +00:00
Jacques Distler ab7f429a10 Security: Enforce POSTs
Spammers can bypass form_spam_protect plugin by using GET instead of POST.

Fix this, by ensuring that unsafe operations are POSTs, rather than GETs.
2007-10-07 17:59:20 +00:00
Matthias Tarasiewicz 4199843e08 changing back some 'require_dependency' to 'require' since it is not needed for all (info from jacques distler) 2007-09-28 08:40:24 +00:00
Jacques Distler 10b0561aca Category lists and WikiReferences restrict to current Web.
Fix one sanitization test.
2007-09-28 03:57:52 +00:00
Matthias Tarasiewicz 2cd2b2746e change of 'require_dependencies' to 'require' which should fix the 'superclass mismatch error' that occurred. 2007-09-27 06:09:58 +00:00
Jacques Distler a3d3f1c536 Fix XSS vulnerabilities in chunk-handling 2007-09-23 19:30:39 +00:00
Matt MacGillivray 36b86a9d41 Removed deprecation errors for rails 1.2.3. Corrected test case failures as a result of updated features and functionality 2007-05-07 22:46:00 +00:00
Matthias Tarasiewicz 322a09274f in response to #406 - commented out parts in the css that would render the admin part unusable. still needs research. 2007-04-08 20:12:23 +00:00
Matthias Tarasiewicz 40a71e80d9 fixes #439 by patch from alex eagle 2007-04-08 19:37:47 +00:00
Matthias Tarasiewicz ca9e155c17 reverted redcloth to 3.0.3 (fixes formatting bugs)
upgraded integrated rails to 1.2.3
2007-03-18 10:20:35 +00:00
Michal Wlodkowski 8fb8517156 css updates 2007-02-27 21:56:13 +00:00
Jacques Distler 552cf4cff0 XSS Security fixes 2007-02-25 15:13:50 +00:00
Matthias Tarasiewicz c9a9b7d315 adding the form_spam_protection plugin that was missing from the last commit 2007-02-13 13:27:54 +00:00
Matthias Tarasiewicz 113223f364 - AntiSPAM: included form-spam-protection rails plugin (Hivelogic Enkoder)
- update: updated scripts and javascripts to rails 1.2.1
2007-02-13 13:24:03 +00:00
Matthias Tarasiewicz ad22579668 cookie fix: being logged in on more Webs at once works now [Jacques Distler] 2007-02-10 09:47:36 +00:00
Matthias Tarasiewicz 49032a99c6 svn:external rails updated to 1.2.2
fixed ticket #372 typo in db-query
sqlite3-ruby updated to 1.2.1
2007-02-08 22:01:36 +00:00
Matthias Tarasiewicz 7378ce9610 reverted to rails 1.1.6 since there were problems reported 2007-01-18 19:31:07 +00:00
Matthias Tarasiewicz 1877f66f17 big update to the web_list - statistics: last update, last document, created or revised; plus css updates to make small fonts look better in firefox 2007-01-18 17:57:16 +00:00
Matthias Tarasiewicz 2e558d5222 fixed the correct display of authors per web. added singular/plural for authors and pages. css optimizations 2007-01-18 13:33:52 +00:00
Matthias Tarasiewicz 4eefc3c979 updated to rails 1.2 stable 2007-01-18 08:42:39 +00:00
Matthias Tarasiewicz 95d794cfcb fixes Ticket #259 html_options minor fix 2007-01-17 21:28:20 +00:00
Matthias Tarasiewicz 85a568fe79 added back jcode 2007-01-17 21:00:17 +00:00
Matthias Tarasiewicz 4f312bc336 removed jcode unicode reference, since this is included in rails 1.2 2007-01-17 20:53:46 +00:00
Matthias Tarasiewicz 692a1beffe updated rubyzip from 0.5.8 to 0.9.1 and moved plugin into the right folder 2007-01-17 12:47:46 +00:00
Matthias Tarasiewicz 78ebbed446 updating environment.rb to reflect sqlite3-ruby move 2007-01-17 12:26:46 +00:00
Matthias Tarasiewicz 80028814a6 moved sqlite3-ruby in the right directory (preparing for proper rails 1.2 directory structure) 2007-01-17 12:25:48 +00:00
Matthias Tarasiewicz 1596d84333 updated redcloth to 3.0.4 2007-01-17 12:08:16 +00:00
Matthias Tarasiewicz 69945c9d9d updated svn:external rails to 1.2rc1 to implement changes like unicode and other rails 1.2 features 2007-01-17 11:37:02 +00:00
Matthias Tarasiewicz c39ca54b8c config_load path for dnsbl_check 2007-01-16 07:28:48 +00:00
Matthias Tarasiewicz 1005d92bd1 web list does not show a link to a published version if it has none [Jesse Newland]
visual display if webs are pass-protected (div background)
2007-01-16 07:23:53 +00:00
Matthias Tarasiewicz 8bfe83fa20 fix PDF output not to contain garbage chars [Jesse Newland] 2007-01-16 07:21:16 +00:00
Matthias Tarasiewicz bdf5ab51ef ANTISPAM: included dnsbl_check - DNS Blackhole Lists check [thanks to joost from http://www.spacebabies.nl ] 2007-01-16 07:16:56 +00:00
Matthias Tarasiewicz d7508a34ab updated packaged sqlite3-ruby to 1.2.0 2007-01-16 07:13:14 +00:00
Matthias Tarasiewicz 4481c8bdf6 ANTISPAM: added spam_patterns from the main instiki site wikispam 2007-01-16 07:07:31 +00:00
Matthias Tarasiewicz 9aaf45a810 added support for delete_web 2007-01-16 07:05:04 +00:00
Matthias Tarasiewicz 26024acddc added Rails 1.2 compatibility information, after checking 2007-01-14 06:11:14 +00:00
Alexey Verkhovsky 8323b12795 get_page_and_revision handles the case of no rev parameter explicitly, rather than by chance 2006-09-19 19:13:02 +00:00
Alexey Verkhovsky 453968a08b made gray a lighter shade 2006-09-14 16:49:15 +00:00
Alexey Verkhovsky 84a8f66505 documented the last change 2006-09-07 04:10:01 +00:00
Alexey Verkhovsky 4b29a843e5 Fixes #248 2006-09-07 04:07:51 +00:00
Alexey Verkhovsky 839dc364dd fixes #280 2006-09-07 03:11:53 +00:00
Alexey Verkhovsky 8f48a19827 documented the last change 2006-09-07 03:04:34 +00:00