Commit graph

681 commits

Author SHA1 Message Date
Jacques Distler ebc409e1a0 Ensure the_content REALLY is utf-8
Our check that the the_content was valid utf-8 was rather busted.
This one works right. In particular, we needed to expand NCRs before checking.
2008-01-03 15:27:03 -06:00
Jacques Distler c89aeb6665 Some Tests for Philip Taylor Phun 'n Games
Some tests for the illegal Unicode characters in search queries (and elsewhere).
2008-01-02 02:33:05 -06:00
Jacques Distler c8196cbe41 More Unicode Fun
From Philip Taylor (via Henri Sivonen): disallow U+fffe and U+ffff.
2008-01-01 22:00:07 -06:00
Jacques Distler 14e3728183 A Tweak to the Error-Page Layout 2007-12-30 20:34:08 -06:00
Jacques Distler 0c16ab4e6f Better Error for Stale Session
Rather than giving a generic 500 error, tell the user to reload the page.
2007-12-30 10:41:19 -06:00
Jacques Distler a2c7705de5 More of the Same. 2007-12-30 03:58:57 -06:00
Jacques Distler df28bd545a Well-Formed Error Pages
Apparently, my fans think returning raw text error messages are a bad thing.
Well-formed XHTML for them, I guess ...
2007-12-30 03:28:33 -06:00
Jacques Distler 5d52cf303f Conditional Use of New REXML Output Logic.
Thanks to Sam Ruby for pointing out the problem.
2007-12-28 19:58:22 -06:00
Jacques Distler 6cd8d8d2ef Fixes from Jason Blevins
Removed some (fossil) test dependencies and a deprecation warning.
Patched the Rails 2.0.2 routing code to emit old-style Instiki URLs.
2007-12-24 17:26:40 -06:00
Jacques Distler a0cf0951af Document the Secret Key configuration a bit 2007-12-24 17:18:30 -06:00
Jason Blevins f1106428dc Included a test for page names with spaces.
Upgraded to Rails 2.0.2 routing code.  Kept the "old" CGI-style escaping rather than using URI.escape.
2007-12-24 16:02:14 -05:00
Jason Blevins feed609d86 Removed unneeded test dependencies. 2007-12-24 15:33:39 -05:00
Jason Blevins d042b4fd94 config.breakpoint_server has been deprecated and has no effect. 2007-12-22 23:54:29 -05:00
Jason Blevins fc586e3f6b Sync with trunk: upgrade to Rails 2.0.2 2007-12-22 11:15:52 -05:00
Jacques Distler e74deb0cfb Unit test
Add a unit test for previous WikiWord fix.
2007-12-21 08:53:45 -06:00
Jacques Distler 6873fc8026 Upgrade to Rails 2.0.2
Upgraded to Rails 2.0.2, except that we maintain

   vendor/rails/actionpack/lib/action_controller/routing.rb

from Rail 1.2.6 (at least for now), so that Routes don't change. We still
get to enjoy Rails's many new features.

Also fixed a bug in Chunk-handling: disable WikiWord processing in tags (for real this time).
2007-12-21 01:48:59 -06:00
Jason Blevins 7dbf8be706 Merged with trunk. 2007-12-19 21:20:11 -05:00
Jacques Distler 0f6889e09f Fix Unicode bug
Fix Diego Restrepo's bug (see Rev 184).
Update to latest HTML5lib.
2007-12-17 03:17:43 -06:00
Jacques Distler 18da1a1d71 Accommodate \nequiv in LaTeX output 2007-11-02 10:15:17 -05:00
Jacques Distler 70025a4ba3 More SVG Sanitization 2007-10-31 01:00:45 -05:00
Jason Blevins 8cd38d9ade Sync with trunk 2007-10-29 21:21:08 -04:00
Jacques Distler eca126f589 Sanitize <svg:image>
This element is unsafe.
2007-10-29 13:51:41 -05:00
Jacques Distler 9c55037626 Some more tests to track down Diego Restrepo's bug 2007-10-28 14:04:30 -05:00
Jacques Distler f24c60c3fb Better handling of SVG attributes which admit uri refs
Just strip out the URI ref, leaving alternates.
2007-10-27 23:08:13 -05:00
Jacques Distler 5208bbf0af Sanitize url refs in SVG attributes
Add some tests.
Sync with latest HTML5lib (includes above sanitization improvements).
2007-10-27 17:34:29 -05:00
Jacques Distler ae82f1be49 Whoops!
Fix an inadvertently broken test.
2007-10-26 16:09:50 -05:00
Jacques Distler 8ce5016b41 UTF-8 Bug
Create a test case for utf-8 bug reported by Diego Restrepo. Seems to be related to WikiWord chunk handling.
Add some other tests, and fix a minor bug in vendor/plugins/maruku/lib/maruku/ext/math/latex_fix.rb.
2007-10-26 00:48:43 -05:00
Jason Blevins 1c5e5999cd Sync with trunk 2007-10-24 08:08:34 -04:00
Jacques Distler a92b593949 SVG in Equations
Support the new "svg" environment from itex2MML 1.3.
2007-10-22 22:24:25 -05:00
Jacques Distler 36f55fc9aa Add support for the MathML <semantics> Element 2007-10-21 02:19:10 -05:00
Jason Blevins 84b6602792 Merge with trunk. 2007-10-17 08:04:42 -04:00
Jacques Distler a728caf493 Add tmp Directory
Purportedly, this in needed to get  Instiki to work with mongrel_cluser.
2007-10-15 14:18:33 -05:00
Jacques Distler 207fb1f7f2 New Version
Sync with Latest Instiki Trunk.
Migrate to Rails 1.2.5.
Bump version number.
2007-10-15 12:16:54 -05:00
Jason Blevins 7521a073b2 Sync with trunk 2007-10-15 07:16:33 -04:00
Jacques Distler de125367b0 Update RDOC documentation.
Update the documentation for sanitize.rb, to match current behaviour.
2007-10-14 22:22:18 -05:00
Jacques Distler 1911d18f65 Performance
OK. This is a better way: define a custom TreeWalker which converts named entities to utf-8 as it goes. This avoids having to do an extra tree traversal in sanitize_rexml, AND avoids the trainwreck that is html5/inputstream.rb.
2007-10-14 21:07:46 -05:00
Jacques Distler 198d7847bd Performance
My REXML::Element.to_ncr (and REXML::Element.to_utf8) is horribly slow. For long documents, it proves more efficient to serialize to a string, apply String.to_ncr (or String.to_utf8) and then Sanitize the string.
2007-10-13 16:32:04 -05:00
Jason Blevins 1cc2043cf6 Sync with trunk 2007-10-12 12:53:43 -04:00
Jacques Distler 0eb1ab56b0 More LaTeX Macros
Put in dummy macros for \statusline and \toggle.
Added colour definitions for HTML named colours.

Remaining  unimplemented:

   \color{#HHH} and \color{#HHHHHH}
   \bgcolor
   \array
   \righttoleftarrow
   \lefttorightarrow
2007-10-11 11:30:17 -05:00
Jacques Distler 148afb77e0 Sync with latest Maruku
Apparently, Maruku had trouble with the latest release of Ruby (1.8.6, patchlevel 110). This should fix it.
2007-10-10 22:06:44 -05:00
Jacques Distler 5dd75d4cb0 File Upload Links
I like this a little better.
2007-10-09 23:56:55 -05:00
Jason Blevins f785655a59 Sync with trunk 2007-10-09 20:02:02 -04:00
Jacques Distler fbdf4c5dfe Fix Broken Test
Was not picking up user-supplied alt text in [[filename|Alt text:pic]].
Fixed.
2007-10-09 11:02:44 -05:00
Jacques Distler 402de89abf Tests for Rev 171
One test is still broken. Will fix.
2007-10-09 03:16:07 -05:00
Jacques Distler 0eb723e125 Accessibility: Use Uploaded File Descriptions
The file upload dialog asks for a description of the image or file to be uploaded. Use this as the default alt-text for the image and as a title attribute for a file link.
2007-10-09 02:51:38 -05:00
Jason Blevins 957f0e5721 Sync with trunk 2007-10-07 16:10:43 -04:00
Jacques Distler 179a0a9cb2 Might as well
Spammers aren't an issue here, but might as well enforce that these actions are POST-only, too.
2007-10-07 03:33:15 -05:00
Jacques Distler 2484542f12 Security: HTTP GET Bypassed Spam Protection
Apparently, the form_spam_protect plugin only works with HTTP POST, not GET.
Unsafe operations (save and file-upload) should be POSTs anyway.
Fixed.

Also, two broken tests fixed. Only two Unit Tests now fail: both are minor bugs in XHTMLDiff.
2007-10-07 01:59:50 -05:00
Jacques Distler be8bb3d06d InterWeb Links
From Jason Blevins:  [[Web Name:Page Name]] or [[Web Name:Page Name|alternate label]] produce inter-Web links on the same Instiki installation.
2007-10-06 16:04:11 -05:00
Jacques Distler 55fdc9fff4 Sync with latest HTML5lib 2007-10-06 11:55:58 -05:00