Commit graph

171 commits

Author SHA1 Message Date
Jacques Distler 1d32d45944 Upgrade Vendored rubyzip to Version 0.9.3 2009-12-23 02:19:16 -06:00
Jacques Distler a71e64a172 Update Vendored sqlite3-ruby 2009-12-22 20:48:32 -06:00
Jacques Distler 76f388f3e2 Vendor Rack 1.0.1
Incorporate patch from Revision 496.
2009-12-18 20:16:58 -06:00
Jacques Distler f7044ecbb4 Ruby 1.9.1 Fixes
Some more fixes to deal with Ruby 1.9.1.
2009-12-02 12:46:15 -06:00
Jacques Distler 063a8ca5a7 Fix Maruku Ruby 1.9 Bug
In Rbuy 1.8, ?c returns an integer.
In Ruby 1.9, it returns a 1-character
string. This was causing one of our
LaTeX conversion functional tests to
fail.
Fixed.
2009-12-01 21:29:07 -06:00
Jacques Distler a6429f8c22 Ruby 1.9 Compatibility
Completely removed the html5lib sanitizer.
Fixed the string-handling to work in both
Ruby 1.8.x and 1.9.2. There are still,
inexplicably, two functional tests that
fail. But the rest seems to work quite well.
2009-11-30 16:28:18 -06:00
Jacques Distler 2f3ff9f651 Efficiency
There's a moderate efficiency gain to be had by
using Set#include?, rather than Array#include?
in the sanitizer.
2009-10-08 16:22:50 -05:00
Jacques Distler 698daecf0e Maruku "Email" Header Detection
The Regexp, used in Maruku to detect "email"
headers (used, e.g., for S5 slideshow metadata)
could, for some inputs, interact badly with
Instiki's Chunk Handler.
Fixed.
2009-07-13 23:59:09 -05:00
Jacques Distler ef5878cf11 Put class name on <pre>, rather than <code>
Better CSS styling options ensue, if we put
the class='lang' on the <pre> element.

(Suggested by Casper Gripenberg)
2009-07-06 15:30:35 -05:00
Jacques Distler a84648cff1 Fix Maruku Escaping Bug
Sync with latest Maruku (now on github).
lib/maruku/ext/math/mathml_engines/none.rb should
HTML-escape the TeX source code. No it does.
2009-05-13 01:27:39 -05:00
Jacques Distler ec7141942b Instiki 0.16.6
Fix an incompatiblity between form_spam_protect and IE7.
(Thanks to Jason Blevins)
Roll a new version.
2009-05-08 16:13:25 -05:00
Jacques Distler 681065631c Add Support for SVG Clipping Paths
Add support in the sanitizer for <clipPath>, @clip-path and @clip-rule.
Suggested by Andrew Stacey.
2009-05-07 16:53:56 -05:00
Jacques Distler e33ccad293 Remove list.dsbl.org
The dnsbl list at list.dsbl.org is defunct.
Also: a Ruby 1.9 compatiblity tweak for Maruku.
2009-05-03 00:57:07 -05:00
Jacques Distler d425a70fad Yikes!
Yet more dangerously greedy Regexps in Maruku,
and one of my own.
2009-03-27 09:25:08 -05:00
Jacques Distler 7403ea6a6b Don't be greedy!
Maruku uses greedy Regexps in a number of places, which,
in unfavourable circumstances, can lead to exponential
slowdowns (an apparent hang).

We worked around one such bug in Revision 355. Recently,
Toby Bartels found another (in Table Header parsing).
The "real" solution seems to be to make sure the Regexps
are not greedy. (Thanks to Sam Ruby for spotting the problem!)

Reverted the workaround in Revision 355, fixed Toby's
bug, and several other similar Regexps.
2009-03-27 02:44:49 -05:00
Jacques Distler c7418af48d Support for HTML5 <audio>
As with <video>,

   [[foo.wav:audio]]

works now, producing an HTML5 <audio> element.
2009-03-03 12:17:14 -06:00
Jacques Distler 8ea8b6a8f7 <video> and x-sendfile
Using <object> and <embed> were forbidden for obvious
security reasons. Instiki now permits embedding video
via the HTML5 <video> element (Ogg/Theora encoded videos
only, with .ogg or .ogv extensions). You can even upload
videos with

    [[foo.ogg:video]]

Instiki now support x-sendfile. See the Proxying page for
configuring Apache (with the x-sendfile module). Lighttpd
should work similarly.

Update Rails to latest Edge (hopefully converging on RC2!).
2009-03-02 02:32:25 -06:00
Jacques Distler 133c21b801 Bugfixes and Rails Edge
Update to Rails 2.3.1.
  (Actually, not quite. Doesn't look like 2.3.1 will be released
   today, but I REALLY want to push these bugfixes out.)
Removed bundled Rack (Rails 2.3.1 comes bundled with Rack 1.0).
Add
     config.action_view.cache_template_loading = true
  to production environment.
Fix FastCGI bug (http://rubyforge.org/tracker/index.php?func=detail&aid=24191&group_id=186&atid=783).
Fix WikiWords bug (http://rubyforge.org/pipermail/instiki-users/2009-February/001181.html).
2009-02-27 19:23:00 -06:00
Jacques Distler 53751a61f0 Fix Maruku Hanging Bug
A Maruku-syntax <div> with an unclosed IAL (and, it seems, at least one equation)
would cause Instiki to hang. Badly. Requiring a 'kill -9' to terminate it.
Reverting the OpenDiv and CloseDiv Regexps to my, more simple-minded, versions
fixes the problem.
2009-02-09 22:20:34 -06:00
Jacques Distler 4e14ccc74d Instiki 0.16.3: Rails 2.3.0
Instiki now runs on the Rails 2.3.0 Candidate Release.
Among other improvements, this means that it now 
automagically selects between WEBrick and Mongrel.

Just run

    ./instiki --daemon
2009-02-04 14:26:08 -06:00
Jacques Distler b80995dbdc Equation Numbering in Maruku+itex2MML
This was spooged by Revision #263 (to accommodate) BlahTeX/PNG support.
Hopefully this way will work in both modes.
2009-01-24 11:40:53 -06:00
Jacques Distler 52c1f74ecc Add a couple of XSS tests.
Some more tests from Clint Ruoho. The main branch of Instiki (and, I guess,
the old sanitizer) are vulnerable.

Also: under Ruby 1.8.x, CGI.unescapeHTML screws up horribly decoding NCRs
which represent high-bit ASCII characters. UTF-8 agrees with 7-bit ASCII,
but CGI.unescapeHTML doesn't seem to know that they disagree for i>127.
2009-01-05 16:25:27 -06:00
Jacques Distler 3929fceaf8 Fix buglet in xhtmldiff
Fixes one of two formely broken unit tests.
2008-12-18 22:12:23 -06:00
Jacques Distler 5d2b0da4d5 Faster
Update dnsbl_check plugin to latest version.
Update Maruku to latest version.
In the wiki_controller, only apply the dnsbl_check before_filter 
  to the :edit, :new, and :save actions, instead of all actions.
  This makes mundane "show" requests faster, but does not 
  compromise spam-fighting ability.
2008-12-16 00:40:30 -06:00
Jacques Distler 65c08e1090 Update SQLite3 Drivers
Update bundled drivers to version 1.2.4.
2008-12-15 14:45:15 -06:00
Jacques Distler 5d7d89d193 Fix Slowdown in Sanitizer Regexp
Deal with the issue:

   http://code.google.com/p/html5lib/issues/detail?id=83

by fixing a regexp used for sanitizing inline style attributes.
2008-12-09 08:54:35 -06:00
Jacques Distler 7e66134e2f Update Maruku Author List
Yay, me!
2008-12-05 12:31:44 -06:00
Jacques Distler 11930dfabd Update HTML5lib Sanitizer Test, Accordingly 2008-12-01 14:11:57 -06:00
Jacques Distler af8157130a Clarify form_spam_protection Error Message
You need cookies enabled, too (since Instiki stores session data in a cookie).
2008-11-30 17:44:21 -06:00
Jacques Distler bceb1864df Fixes
Fix Session CookieOverflow bug when rescuing an InstikiValidation error.
Fix some random things which will cause problems with Ruby 1.9. (Plenty
more where those came from.)
2008-11-05 22:24:14 -06:00
Jacques Distler 39348c65c2 Make Andrea Happy
Use a counter, instead of rand() to aid in generating unique IDs in Maruku.
Add Unit test for the Theorem Environment.
2008-10-25 00:52:59 -05:00
Jacques Distler e48b000c11 Tweak from Ari Stern
Match Maruku Revision 184: change wrapper for embedded TeX in display equation from
a <div> to a <span>.
2008-10-23 22:44:53 -05:00
Jacques Distler 0fdb13b257 Whoops! Forgot one.
This fixes LaTeX output for Theorem cross-refs.
2008-10-21 00:26:31 -05:00
Jacques Distler 2fb41f12ce Automatic Theorem Numbering
Can now refer to numbered theorems by \ref{...}, as in LaTeX
2008-10-20 00:24:22 -05:00
Jacques Distler da81a2fbdb Fix bug in IAL detection in maruku/ext/div.rb 2008-10-17 22:34:16 -05:00
Jacques Distler 34082fbf94 Theorem Environments
Implement amsthm-like Theorem environments with Maruku.
Support is based on Maruku "div"s with special class-names.
Classes
    num_*
produce numbered environments, and

    un_*

produce un-numbered environments, where * is one of

   theorem     (for Theorem)
   lemma       (for Lemma)
   prop        (for Proposition)
   cor         (for Corollary)
   def         (for Definition)
   example     (for Example)
   remark      (for Remark)
   note        (for Note)

In addition, the class

   proof

produces a Proof environment.

The LaTeX export works as expected, and these also work in the S5 view.

Bumped version number.
2008-10-17 16:26:17 -05:00
Jacques Distler 6f3e9a9e17 Enable Maruku div Markdown extension 2008-10-15 10:29:35 -05:00
Jacques Distler 37aff87d71 Sync with latest Maruku
Contains Ari Stern's additions for Blahtex support.
2008-08-05 13:18:23 -05:00
Jacques Distler e1c7d035c9 Some more SVG attributes for the sanitizer
From Sam Ruby.
2008-07-28 10:57:55 -05:00
Jacques Distler c427807274 Blahtex
Sync with latest Maruku.
Pave the way for Blahtex (PNG-based math) support (from Ari Stern).
   (no visible functionality, yet, but that will come)
2008-07-26 04:14:41 -05:00
Jacques Distler 800880f382 Rough In New Sanitizer
Start work (which may not pan out) on a new sanitizer. Right now, it passes
all but 1 of the HTML5lib Sanitizer's unit tests. But it doesn't do much
of anything to ensure well-formedness. This is not an issue for Maruku-processed
content, but it is a concern for <nowiki> blocks.

(One solution would be to use the HTML5lib parser on <nowiki> blocks.)

In any case, this baby is 3 times as fast as the HTML5lib sanitizer.
2008-05-20 17:02:10 -05:00
Jacques Distler 1d5faf4a84 Upgrade to latest REXML
Sync with REXML svn.
2008-04-12 18:56:02 -05:00
Jacques Distler 9b7b6fb805 Latest Maruku and Tweak for itex2MML 1.3.4
Instiki's LaTeX output also supports \Perp.
2008-02-29 01:30:46 -06:00
Jacques Distler 5dd0507acc Support svg:foreignObject
Fixes to the html5lib sanitizer and maruku to support the SVG <foreignObject> element.
Also update to the latest REXML.
2008-02-03 23:56:17 -06:00
Jacques Distler 15640ca7a3 Latest REXML and Latest Maruku 2008-02-01 01:25:38 -06:00
Jacques Distler 550c2e6c40 Remove the action_cache plugin
The action_cache plugin is now rather superfluous (Rails has native support for ETags, for instance).
And it wasn't working right with Rails 2.0.x (pages were being cached, and 304s were being returned
as appropriate, but cached pages were not being served).
2008-01-22 23:35:35 -06:00
Jacques Distler 5db9ddaf47 Fix Busted Functional Tests
Fix the functional tests busted by Revision 212.
Sync with latest HTML5lib.
2008-01-21 11:59:55 -06:00
Jacques Distler 51474e06c8 Styling Hook
Add a distinct class-name for the footer in the page view.
2008-01-19 15:06:17 -06:00
Jacques Distler bb3ccfed4e Make life a little more difficult for spammers
Sessions are now stored in a cookie (signed and Base-64 encoded).
Form_spam_protection stores form_keys in the session.
Make sure spambots implement both cookies and javascript, by storing hashed (with salt) keys in the session.
2008-01-18 14:49:28 -06:00
Jacques Distler e7d080db25 Slightly More Efficient
A slightly more efficient implementation of the above change to form_spam_protection.
2008-01-17 03:47:08 -06:00
Jacques Distler 72b4f97382 Garbage Collection of :form_keys
In each session, keep only the 30 most recent :form_keys generated by form_spam_protection.
This should be more than enough for ordinary usage, but prevents the session data from
becoming inordinately large.

Also, burnt-orange rulz!
2008-01-17 03:20:19 -06:00
Jacques Distler 4586614914 Misc Cleanup
Cleaned up some dependencies, and added a mime_types.yml file for Mongrel-compatibility.
2008-01-14 14:46:38 -06:00
Jacques Distler f101ee9a21 Manage_Fixtures
Make sure manage_fixtures plugin doesn't mess with fixtures in test/fixtures.
Also, a slightly more elegant version of the REXML version test.
2008-01-13 00:26:25 -06:00
Jacques Distler 38ae064b8a Bundle Latest REXML
Sam Ruby has been doing a bang-up job fixing the bugs in REXML.
Who knows when these improvements will trickle down to vendor distributions of Ruby.
In the meantime, let's bundle the latest version of REXML with Instiki.
We check the version number of the bundled REXML against that of the System REXML, and use whichever is later.
2008-01-11 23:53:29 -06:00
Jacques Distler 1085168bbf Update to latest HTML5lib, Add Maruku testdir
Sync with the latest html5lib.
Having the Maruku unit tests on-hand may be useful for debugging; so let's include them.
2008-01-08 00:01:35 -06:00
Jacques Distler 5d52cf303f Conditional Use of New REXML Output Logic.
Thanks to Sam Ruby for pointing out the problem.
2007-12-28 19:58:22 -06:00
Jacques Distler 6873fc8026 Upgrade to Rails 2.0.2
Upgraded to Rails 2.0.2, except that we maintain

   vendor/rails/actionpack/lib/action_controller/routing.rb

from Rail 1.2.6 (at least for now), so that Routes don't change. We still
get to enjoy Rails's many new features.

Also fixed a bug in Chunk-handling: disable WikiWord processing in tags (for real this time).
2007-12-21 01:48:59 -06:00
Jacques Distler 0f6889e09f Fix Unicode bug
Fix Diego Restrepo's bug (see Rev 184).
Update to latest HTML5lib.
2007-12-17 03:17:43 -06:00
Jacques Distler 70025a4ba3 More SVG Sanitization 2007-10-31 01:00:45 -05:00
Jacques Distler eca126f589 Sanitize <svg:image>
This element is unsafe.
2007-10-29 13:51:41 -05:00
Jacques Distler f24c60c3fb Better handling of SVG attributes which admit uri refs
Just strip out the URI ref, leaving alternates.
2007-10-27 23:08:13 -05:00
Jacques Distler 5208bbf0af Sanitize url refs in SVG attributes
Add some tests.
Sync with latest HTML5lib (includes above sanitization improvements).
2007-10-27 17:34:29 -05:00
Jacques Distler 8ce5016b41 UTF-8 Bug
Create a test case for utf-8 bug reported by Diego Restrepo. Seems to be related to WikiWord chunk handling.
Add some other tests, and fix a minor bug in vendor/plugins/maruku/lib/maruku/ext/math/latex_fix.rb.
2007-10-26 00:48:43 -05:00
Jacques Distler a92b593949 SVG in Equations
Support the new "svg" environment from itex2MML 1.3.
2007-10-22 22:24:25 -05:00
Jacques Distler 36f55fc9aa Add support for the MathML <semantics> Element 2007-10-21 02:19:10 -05:00
Jacques Distler 207fb1f7f2 New Version
Sync with Latest Instiki Trunk.
Migrate to Rails 1.2.5.
Bump version number.
2007-10-15 12:16:54 -05:00
Jacques Distler 148afb77e0 Sync with latest Maruku
Apparently, Maruku had trouble with the latest release of Ruby (1.8.6, patchlevel 110). This should fix it.
2007-10-10 22:06:44 -05:00
Jacques Distler 55fdc9fff4 Sync with latest HTML5lib 2007-10-06 11:55:58 -05:00
Jacques Distler c67382d340 Start on LaTeX
Pave the way for Jason's LaTeX macro support.
Also, uniformize the capitalization of "ETag".
2007-10-04 02:50:08 -05:00
Jacques Distler 06d96349e4 Don't stomp on test/fixtures, when dumping the database to YAML
Tweak the manage_fixtures plugin to use the dump/fixtures instead of test/fixtures directory.
2007-09-23 01:50:40 -05:00
Jacques Distler e8769c0b83 Add the manage_fixtures plugin for easy database migration 2007-09-20 00:36:07 -05:00
Jacques Distler ed68d975df Update to latest HTML5lib
Fix that Tokenizer bug for real this time.
2007-09-09 22:26:19 -05:00
Jacques Distler 5b182bd228 HTML5lib Bug
Fixed a bug in the HTML5lib tokenizer (affects S5 slideshows).
Some miscellaneous code cleanup. In particular, don't bother with zapping control characters;
instead, rely on is_utf8? method to raise an exception (which we do anyway).
2007-09-06 10:40:48 -05:00
Jacques Distler f482036683 S5 Themes Support
Added support for S5 Themes. Themes are stored in the public/s5/themes/ directory.
6 themes are included: default, nautilus, blue, flower, i18n, pixel.
2007-09-05 08:38:54 -05:00
Jacques Distler 81d3cdc8e4 Minor S5 tweaks and Sync with Latest HTML5lib 2007-08-30 12:19:10 -05:00
Jacques Distler 1bc5da0053 Use XHTMLSerializer, where appropriate. 2007-07-04 18:53:03 -05:00
Jacques Distler 8ccaad85a5 Sync with latest HTML5lib and latest Maruku 2007-07-04 17:36:59 -05:00
Jacques Distler 8e92e4a3ab Sync with latest HTML5lib 2007-06-22 03:12:08 -05:00
Jacques Distler df2898d940 Fix Caching bug (bis)
Nope! It's not a Rails bug. It's an action_cache plugin bug, after all. Fixed now.
2007-06-15 09:59:32 -05:00
Jacques Distler 31f691329a Fix Caching Bug
Files with "+"s in their names (e.g. from Wiki pages with spaces in their names) were not being expired properly. This is actually a Rails bug, but I fixed it by patching the action_cache plugin.
2007-06-15 09:18:06 -05:00
Jacques Distler 3de374d6c1 More fixes, sync with HTML5lib
Do a better job with the wrapper <div>s added by xhtmldiff and Maruku's to_html_tree method.
More tests fixed.
2007-06-13 23:05:15 -05:00
Jacques Distler 3ca33e52b5 Cleanup
Got rid of redcloth_for_tex.
Fixed almost all the busted tests.
2007-06-13 01:56:44 -05:00
Jacques Distler 2da672ec5b Many Minor Fixes
Fixed a whole bunch of minor stuff.
Had a go at getting some of the plethora of broken tests to pass.
2007-06-12 17:37:55 -05:00
Jacques Distler 0ddd422059 Sync with latest HTML5lib 2007-06-11 23:33:06 -05:00
Jacques Distler c2bfdefa57 Another XSS fix
Yet another interesting XSS attack from 
  http://ha.ckers.org/xss.html
2007-06-11 00:03:51 -05:00
Jacques Distler aac197430c More XSS vectors defanged 2007-06-10 15:07:26 -05:00
Jacques Distler a6cbf38304 Table elements, too
Last fixup for the sanitizer tests.
2007-06-09 22:53:35 -05:00
Jacques Distler 6b2ec7354b Rationalize Sanitizer Tests 2007-06-09 22:21:50 -05:00
Jacques Distler 3bf560c3b3 Updated to Latest HTML5lib
Synced with latest HTML5lib.
Added some RDoc-compatible documentation to the sanitizer.
2007-06-08 17:26:00 -05:00
Jacques Distler 86a7577975 Renamed one function. 2007-06-06 14:36:54 -05:00
Jacques Distler 0012efcfb4 Fixed Porting Error in HTML5lib Serializer 2007-06-06 08:44:57 -05:00
Jacques Distler 8846b2cda5 Sync with Latest HTML5lib
Some more tweaks
2007-06-06 08:12:03 -05:00
Jacques Distler fd183eac04 More Tests
Put the Serializer version of the Sanitizer through its paces.
2007-06-06 00:56:43 -05:00
Jacques Distler e1acebe6e4 Bugfix
Me stoopid.
2007-06-05 18:06:26 -05:00
Jacques Distler bd8ba1f4b1 REXML Trees
Synced with latest HTML5lib.
Added preliminary support (currently disabled) for sanitizing REXML trees.
2007-06-05 16:34:49 -05:00
Jacques Distler 4dd70af5ae HTML5lib is Back.
Synced with latest version of HTML5lib, which fixes problem with Astral plane characters.
I should really do some tests, but the HTML5lib Sanitizer seems to be 2-5 times slower than the old sanitizer.
2007-05-30 10:45:52 -05:00
Jacques Distler dc629f5c07 Do Content-negotiation for Cached Content
The action_cache plugin broke our content-negotiation.
Fixed.
2007-05-28 12:48:42 -05:00
Jacques Distler 5db9b7d3ea Fixed action_cache Plugin
The action_cache plugin had Conditional GET (If-Modified-Since) support. I added ETag (If-None-Match) support.
2007-05-26 14:11:53 -05:00
Jacques Distler d62b880e3f ETags and Action Caching
Added the action_cache plugin

    http://agilewebdevelopment.com/plugins/action_cache

which does action-caching with ETags support. The built-in Rails ETags "solution" sucks, because it forces a page-rerender, even when the content is unchanged.
2007-05-25 22:52:42 -05:00
Jacques Distler 6b21ac484f HTML5lib Sanitizer
Replaced native Sanitizer with HTML5lib version.
Synced with latest Maruku.
2007-05-25 20:52:27 -05:00