Commit graph

12 commits

Author SHA1 Message Date
Jacques Distler
1cdf0536c1 Fix BlahTeX/PNG
The BlahTeX/PNG code was busted by Revision 344.
Fixed now.
Ari better supply me with a test suite, so this doesn't happen again.
2009-01-27 11:35:05 -06:00
Jacques Distler
34fd7b425f Webs that Don't Allow File Uploads
... should still allow you to manually upload files
and have them render.

Fixed.
2009-01-26 01:39:04 -06:00
Jacques Distler
5d15e3f39d Security: Instiki 0.16.2
On Webs with file uploads enabled, uploaded files were stored
(in version 0.16.1 and earlier) in the public/ directory.

This was a security threat. A miscreant could upload a .html file.
When a user clicked on the link to the file, it was opened (unsanitized)
in the browser.

As of version 0.16.2, uploaded files are stored in the webs/
directory. Now, when the user clicks on the link, the file is sent
with the

    Content-Disposition: attachment

header set, which causes the file to be downloaded, rather than opened
in the browser. As always, files downloaded from the internets should be
treated with caution. At least, this way, they are not aoutomatically 
opened in the browser.

To move your existing uploaded files to the new location, do a

     rake upgrade_instiki
2009-01-26 00:21:30 -06:00
Jacques Distler
82e7aa52c7 Referring Pages for File List
For the file_list  action, include the pages which link to the given file(s).
This required rejiggering so that that information is actually retained in the database.
Unfortunately, you'll actually need to revise the page(s) in question, because that's the
only time this information is updated in the database.
2009-01-10 00:18:25 -06:00
Jacques Distler
b74d298196 Manage Uploaded Files
Allow alternate sort-orders (by filename, by date).
Restrict to files in the given Web.
2008-12-31 11:30:33 -06:00
Jacques Distler
1d3f7007c6 Manage Uploaded Files
A less abstruse interface for deleting files (this time, many at-a-shot).
Available from the Edit Web page.
2008-12-31 03:54:23 -06:00
Jacques Distler
397859ba8a Clean Deletions
Deleting a page removes all revisions of that page.
Deleting a Web removes all pages (and all revisions thereof)
  and all wiki_files belonging to that Web.
2008-12-28 21:36:37 -06:00
Jacques Distler
0eb723e125 Accessibility: Use Uploaded File Descriptions
The file upload dialog asks for a description of the image or file to be uploaded. Use this as the default alt-text for the image and as a title attribute for a file link.
2007-10-09 02:51:38 -05:00
Jacques Distler
3b6cd309ff Sync with Instiki Trunk
Sync with Revision 519 of Instiki trunk (2007/5/7).
2007-05-11 11:47:38 -05:00
Jacques Distler
626c135d1e Security: ensure file upload directory is not world-writable.
(There still seem to be bugs in the file upload function.)
2007-03-10 11:26:30 -06:00
Jacques Distler
c358389f25 TeX and CSS tweaks.
Sync with latest Instiki Trunk
(Updates Rails to 1.2.2)
2007-02-09 02:04:31 -06:00
Jacques Distler
69b62b6f33 Checkout of Instiki Trunk 1/21/2007. 2007-01-22 07:43:50 -06:00