Commit graph

15 commits

Author SHA1 Message Date
Jacques Distler a5e08f7bcc Rails_xss Plugin
I installed the rails_xss plugin, for
the main purpose of seeing what will
break with Rails 3.0 (where the behaviour
of the plugin is the default). I think
I've fixed everything, but let me know if you
see stuff that is HTML-escaped, which
shouldn't be.

As a side benefit, we now use Erubis,
rather than ERB, to render templates.
They tell me it's faster ...
2010-05-26 00:27:49 -05:00
Jacques Distler 954bcb52c2 The Rails Way
The previous implementation, in Revision
541, was ugly. This is better.
2010-01-29 11:13:16 -06:00
Jacques Distler aea2c5099f More Ruby 1.9 Encoding Fun
Under Ruby 1.9, could not delete orphan
pages with utf-8 names. They would be
listed as orphan, but "Delete Orphan Pages"
would silently not delete them.

Fixed.
2010-01-24 12:23:47 -06:00
Jacques Distler 0c2bc65e7a All I want for Christmas ...
... is to settle these encoding issues 
once and for all.

Let's override the accessor methods, which 
seems to offer a simpler solution.

Now with tests (for whatever that helps)...
2010-01-06 08:15:34 -06:00
Jacques Distler 6e6bf1a446 Yikes! Yet more Ruby 1.9 Encoding Issues
We're getting there. Thanks to Andrew Stacey.
2010-01-05 09:35:14 -06:00
Jacques Distler 6cf1463525 Revert Revision 520; This is more thorough
This ensures that @page.name has the right (utf8)
encoding.
2010-01-04 18:43:27 -06:00
Jacques Distler d786e95a77 Ruby 1.9 + MySQL Hack
The default encoding in MySQL is latin1. Ruby 1.9
is a stickler about the encoding of a sequence of bytes.
In this case, a utf8 page name stored in the database comes
back as "ASCII-8BIT" (ie, binary). Coerce that back to utf8.

This doesn't affect SQLite3, and it doesn't affect Ruby 1.8.
It doesn't even affect MySQL databases with "utf8" encoding
(though that has other issues, since MySQL's utf8 support is
broken).
There are probably other, similar problems lurking.
2010-01-04 06:41:04 -06:00
Jacques Distler 12207bc01c Redirect Targets are not Orphaned
A page that is linked-to, via a redirect, is not orphaned.
2009-06-06 12:37:00 -05:00
Jacques Distler 0943b7e510 Expire Caches for Redirected Links
[[!redirect foo]] should expire all pages which reference "foo".
Sounds simple, but this was a really gnarly bug to fix.
2009-06-05 00:39:12 -05:00
Jacques Distler d7832ba262 Wiki Redirects and Page Renaming
Added the ability to rename existing pages.
[[!redirects Some Page Name]] redirects Wikilinks [[Some Page Name]] to
  the current page (assuming "Some Page Name" does not exist).
  Real pages trump redirects (though this may change, depending on 
  user feedback).
2009-06-02 22:17:15 -05:00
Jacques Distler 397859ba8a Clean Deletions
Deleting a page removes all revisions of that page.
Deleting a Web removes all pages (and all revisions thereof)
  and all wiki_files belonging to that Web.
2008-12-28 21:36:37 -06:00
Jacques Distler d46798dd08 Security: Sanitize Remote IP address
Dunno quite how, but evidently, request.ip is manipulable. Make sure it consists of a dotted-quad.
Also, correct a typo from the previous revision.
2008-03-14 10:50:06 -05:00
Jacques Distler 609c5541b9 Yet More Philip Taylor Phun
Escape page names.

Grrr.
2008-03-13 23:02:12 -05:00
Jacques Distler 207fb1f7f2 New Version
Sync with Latest Instiki Trunk.
Migrate to Rails 1.2.5.
Bump version number.
2007-10-15 12:16:54 -05:00
Jacques Distler 69b62b6f33 Checkout of Instiki Trunk 1/21/2007. 2007-01-22 07:43:50 -06:00