Commit graph

130 commits

Author SHA1 Message Date
Jacques Distler 503f956084 Fix Two XSS Vulnerabilities
Unescaped page names (in 'edit' and 'new' views).
Unsanitized HTTP_CLIENT_IP header.
2008-03-14 23:22:46 +00:00
Jacques Distler ab7f429a10 Security: Enforce POSTs
Spammers can bypass form_spam_protect plugin by using GET instead of POST.

Fix this, by ensuring that unsafe operations are POSTs, rather than GETs.
2007-10-07 17:59:20 +00:00
Jacques Distler 10b0561aca Category lists and WikiReferences restrict to current Web.
Fix one sanitization test.
2007-09-28 03:57:52 +00:00
Matt MacGillivray 36b86a9d41 Removed deprecation errors for rails 1.2.3. Corrected test case failures as a result of updated features and functionality 2007-05-07 22:46:00 +00:00
Matthias Tarasiewicz 113223f364 - AntiSPAM: included form-spam-protection rails plugin (Hivelogic Enkoder)
- update: updated scripts and javascripts to rails 1.2.1
2007-02-13 13:24:03 +00:00
Matthias Tarasiewicz ad22579668 cookie fix: being logged in on more Webs at once works now [Jacques Distler] 2007-02-10 09:47:36 +00:00
Matthias Tarasiewicz 8bfe83fa20 fix PDF output not to contain garbage chars [Jesse Newland] 2007-01-16 07:21:16 +00:00
Matthias Tarasiewicz bdf5ab51ef ANTISPAM: included dnsbl_check - DNS Blackhole Lists check [thanks to joost from http://www.spacebabies.nl ] 2007-01-16 07:16:56 +00:00
Alexey Verkhovsky 8323b12795 get_page_and_revision handles the case of no rev parameter explicitly, rather than by chance 2006-09-19 19:13:02 +00:00
Alexey Verkhovsky 1454fbf14a expire page cache for diff 2006-09-07 02:56:55 +00:00
Alexey Verkhovsky 709d28dc4b /wiki/published renders a home page 2006-05-04 04:45:05 +00:00
Alexey Verkhovsky cbca2ba318 Fixed a silly bug 2006-05-04 04:31:55 +00:00
Alexey Verkhovsky 98b2efdb5b Blow away page caches when web settings are changed 2006-04-02 06:17:05 +00:00
Alexey Verkhovsky 56dc390ddb Improved cache sweeping for All Pages and Recently Revised (categories stuff again) 2006-04-02 05:47:41 +00:00
Alexey Verkhovsky 5f3cf38851 Fixed connect_to_model filter extension in wiki_controller (using inheritance here was daft); accelerated tests somewhat 2006-03-24 07:53:20 +00:00
Alexey Verkhovsky 64313ca208 Fixing FileController#import; sort of works, but fails on some interesting tests 2006-03-23 07:14:51 +00:00
Alexey Verkhovsky d051b174f8 Quick and dirty spam filtering. We'll build something better in due time. 2006-03-20 01:36:45 +00:00
Alexey Verkhovsky d6fedc7f84 Converting linefeeds to Unix-style 2006-03-19 21:49:53 +00:00
Alexey Verkhovsky 6f0434bf83 All tests pass, including Watir suite 2006-03-19 07:54:54 +00:00
Alexey Verkhovsky ad4c289ec5 Added disposition to HTTP headers for sending files 2006-03-12 04:53:39 +00:00
Alexey Verkhovsky e44d16aef9 Fixed rendering of Recently Revised 2006-03-11 22:59:55 +00:00
Alexey Verkhovsky f8b3e2b11d See Changes as a separate page (still implemented within show and revision actions) 2006-03-11 22:10:32 +00:00
Alexey Verkhovsky c435bf2f2b [FIXES BVILD] Further improvement to diff.rb (I hope not to touch this beast again any time soon); See Changes ripped out from WikiController#show, will become a separate action 2006-03-11 21:27:49 +00:00
Alexey Verkhovsky 3285737917 Fixed an NPE in ApplicationController#authorized? 2006-01-23 06:56:30 +00:00
Alexey Verkhovsky a2cb920489 Fixed All Pages with a category 2005-11-14 11:07:14 +00:00
Alexey Verkhovsky 614a48c6ff Exclude links to files and pages from All Pages (so that they don't show up in Wanted Pages etc). 2005-11-14 11:00:46 +00:00
Alexey Verkhovsky 0b1a80a852 [BUILD STILL BROKEN] File uploads roughly speaking work (to about same extent as in 0.10) 2005-11-14 08:38:37 +00:00
Alexey Verkhovsky 8bdee631f6 [BREAKS BUILD] Some work on File uploads, half-done, committing as a backup 2005-11-13 13:37:47 +00:00
Alexey Verkhovsky dea8d70c48 Improved behavior of JavaScript in the author field [from I2 patch by court3nay] 2005-11-04 05:23:34 +00:00
Alexey Verkhovsky 35b77f6440 A bit of spit and polish 2005-11-02 09:04:53 +00:00
Alexey Verkhovsky 7f8d3adfb5 Copied over 0.14.2 ./public contents 2005-11-02 07:34:11 +00:00
Alexey Verkhovsky 3703c1e1b3 Upgrade to Rails 0.14.2; fixed a failing functional test 2005-11-02 04:55:06 +00:00
Alexey Verkhovsky d3b25c8a19 Added meta robots tag to the default layout; added error handling to published pages 2005-11-01 07:31:44 +00:00
Alexey Verkhovsky 9e7306fb0a Outdated TODO deleted 2005-10-28 14:14:31 +00:00
Alexey Verkhovsky af25237a90 Render HTML pages for ExportHTML 'manually' 2005-10-27 05:29:24 +00:00
Alexey Verkhovsky 50b2cbd693 Fix to #255 - Author cookie expiry 2005-10-20 01:18:15 +00:00
Alexey Verkhovsky 223a1f9de3 Speeding up some stuff 2005-09-27 13:46:02 +00:00
Alexey Verkhovsky 9816c395c5 Expire caches for referencing pages on saves and deletes; fixed date formatting in recently_revised 2005-09-27 03:53:29 +00:00
Alexey Verkhovsky 16454549fe Fixed a nasty bug that caused Instiki to go into an endless loop on call to /wiki/print/ 2005-09-27 03:30:01 +00:00
Alexey Verkhovsky 4c14f07100 Fixed caching of RSS feeds; changed from caches_page to caches_action to make authentication and other filters work 2005-09-12 01:12:00 +00:00
Alexey Verkhovsky cc99790a4a Caching and sweeping pages. RSS feeds behave funny 2005-09-11 18:02:56 +00:00
Alexey Verkhovsky c4f593151e [FIXES BUILD] Fixed categories behavior and added id generation in import_storage. Something is still wrong with orphaned pages though 2005-09-11 16:49:08 +00:00
Alexey Verkhovsky ac819d4d68 BREAKS BUILD: all pages etc are much faster, but categories functionality is broken (it was responsible for calling the renderer once per every page on All Pages) 2005-09-11 09:34:41 +00:00
Alexey Verkhovsky 541a5d3994 Deleted all references to PageRenderer from PageSet selectors; using wiki_references instead 2005-09-11 08:05:19 +00:00
Alexey Verkhovsky cd68db01d2 Store wiki references found during rendering 2005-09-11 05:44:34 +00:00
Alexey Verkhovsky bfecd09b56 Fixed includes; started working on caching strategy 2005-09-11 04:23:50 +00:00
Alexey Verkhovsky 70fa15e3f3 Continue extracting URL generation logic from model classes 2005-09-10 11:07:40 +00:00
Alexey Verkhovsky 7e500dfe57 Controllers create renderer objects and pass them on to page.revise and page.rollback methods 2005-09-10 06:12:57 +00:00
Alexey Verkhovsky 427f989d69 Extracted rendering logic from the model 2005-09-09 05:31:27 +00:00
Alexey Verkhovsky 61eacae836 Fix for exports and other file downloads 2005-08-15 00:07:43 +00:00