Commit graph

117 commits

Author SHA1 Message Date
Jacques Distler 4bdf703ab2 Instiki 0.17.2: Security Release
This release upgrades Instiki to Rails 2.3.4, which
patches two security holes in Rails. See

  http://weblog.rubyonrails.org/2009/9/4/ruby-on-rails-2-3-4

There are also some new features, and the usual boatload
of bugfixes. See the CHANGELOG for details.
2009-09-05 02:01:46 -05:00
Jacques Distler 34c4306867 More ActiveRecord Association .length -> .size Optimizations 2009-09-04 00:09:39 -05:00
Jacques Distler 342298ed0e Wikilinks to Published Webs
Should be to the published action. This
didn't work right for inter-web links.
(Reported by Mike Shulman)

Also, change some .length's to .size's
(for Andrew Stacey)
2009-09-03 23:09:10 -05:00
Jacques Distler 336e57d6b4 Pathname Objects
Web#files_path and Web#blatex_pngs_path now return Pathname objects.
Based on JHerdman's
5d1e8f420b
but requires several other changes to the code (which assumed a string).

Also, test for itex2MML 1.3.10 (you should update that too).
2009-08-28 11:10:34 -05:00
Jacques Distler 28cf501166 Correctly Set noindex,nofollow On /diff Pages
None of them should be indexed.
Make sure that happens.
2009-08-24 17:42:34 -05:00
Jacques Distler 329fafafce Fix Two bugs from Toby Bartels
1. Ensure that "rollback" respects locked pages.
2. Expire revisions of an edited page. Use a before_save
   hook to deal with the situation where a page's name
   has been changed.
2009-08-04 00:02:04 -05:00
Jacques Distler 0e0f666fb4 Rollbacks and Relative URLs
Ensure "rollback" locks page for editing. (reported by Toby Bartels)
Generate relative URLs, when possible. (Patch by Dennis Knauf)
2009-07-27 22:49:12 -05:00
Jacques Distler 2ffa1ea007 Cleanup
And a fix from Ari Stern.
2009-06-17 21:12:58 -05:00
Jacques Distler 73120cdc1c Rollback one change from previous commit
S5 should not be visible on unpublished, password-protected webs.
2009-06-17 12:45:53 -05:00
Jacques Distler 155dc88891 Uploaded files in published webs should be accessible
File retrieval (but not file uploads) should be allowed on
a published web (this includes BlahTeX/PNG support).
(Reported by Ari Stern).
2009-06-17 11:17:25 -05:00
Jacques Distler 7448b7981b Minor fixes
1) WEBrick should respond to TERM signals
(needed by MacOSX and, perhaps, others).
2) HTTP redirects for redirected pages should be 301's.
3) Add a flash message for redirection to "new" page
when the target of "show" action is not found.
2009-06-14 22:55:41 -05:00
Jacques Distler d50d6fac17 Get Ready for 0.17 Release 2009-06-14 16:52:59 -05:00
Jacques Distler e341d62809 Close another hole
I believe this addresses Jason's issue.
2009-06-05 22:26:25 -05:00
Jacques Distler a2b1c7e66c HTTP Redirects for Redirected Pages
If a page isn't found, but there is a page that redirects for it,
don't show a 404!
2009-06-05 09:02:05 -05:00
Jacques Distler ea6b04271b Whoops!
Ruby syntax can be tricky.
2009-06-02 23:36:39 -05:00
Jacques Distler d7832ba262 Wiki Redirects and Page Renaming
Added the ability to rename existing pages.
[[!redirects Some Page Name]] redirects Wikilinks [[Some Page Name]] to
  the current page (assuming "Some Page Name" does not exist).
  Real pages trump redirects (though this may change, depending on 
  user feedback).
2009-06-02 22:17:15 -05:00
Jacques Distler ec7141942b Instiki 0.16.6
Fix an incompatiblity between form_spam_protect and IE7.
(Thanks to Jason Blevins)
Roll a new version.
2009-05-08 16:13:25 -05:00
Jacques Distler f062dfe15a Remove some obsolete code from ApplicationController::rescue_action_in_public
Prompted by
http://rubyforge.org/pipermail/instiki-users/2009-April/001215.html
2009-04-13 19:06:40 -05:00
Jacques Distler 98918954e0 Cache Sweeping
Expire cached revisions of deleted pages.
Tweak the appearance of "history" page a bit.
2009-03-31 23:37:21 -05:00
Jacques Distler 69bfc1028b Cache Revisions
Fix config/routes.rb to make revisions cacheable.
Cache revisions.
Modify the history page so that it links to the current page (and diff).
2009-03-31 15:54:41 -05:00
Jacques Distler 73a7ceef03 Cache History Pages
Implement caching for the "history" pages
introduced in Revision 377.
2009-03-31 08:52:46 -05:00
Jacques Distler d5a65e6ac8 History Pages
From Jason Blevins:
  Create a "History" page for each wiki page.
  Link to it, and to the "Diff" page from "Recently Revised".
Also, correct a bug in listing/deleting links to uploaded
video and audio files.
2009-03-30 23:50:06 -05:00
Jacques Distler e2ccdfd812 Instiki 0.16.5
Update to Rails 2.3.2 (the stable Rails 2.3 release).
Add audio/speex support
Update CHANGELOG
Bump version number
2009-03-16 09:55:30 -05:00
Jacques Distler 6c0decc4ea Railsisms
Use some ActiveRecord convenience methods.
2009-03-05 21:42:41 -06:00
Jacques Distler 13d096c688 Set X-Sendfile Header Only for Local Proxy Requests
If the request.remote_addr is not LOCALHOST, don't set the
X-Sendfile header.
2009-03-05 12:14:03 -06:00
Jacques Distler bd9fa0ed0c Bump Version Number
Update CHANGELOG and bump version number to 0.16.4.
2009-03-04 15:54:30 -06:00
Jacques Distler c7418af48d Support for HTML5 <audio>
As with <video>,

   [[foo.wav:audio]]

works now, producing an HTML5 <audio> element.
2009-03-03 12:17:14 -06:00
Jacques Distler 8ea8b6a8f7 <video> and x-sendfile
Using <object> and <embed> were forbidden for obvious
security reasons. Instiki now permits embedding video
via the HTML5 <video> element (Ogg/Theora encoded videos
only, with .ogg or .ogv extensions). You can even upload
videos with

    [[foo.ogg:video]]

Instiki now support x-sendfile. See the Proxying page for
configuring Apache (with the x-sendfile module). Lighttpd
should work similarly.

Update Rails to latest Edge (hopefully converging on RC2!).
2009-03-02 02:32:25 -06:00
Jacques Distler 7f2b16e78d File Upload Fixes
Dunno why this was buggered again. ":back" doesn't seem to function as it used to.
Also, when uploading a file from page "foo", it's important to return to "foo" after
a successful upload, rather than redirecting to the HomePage.

Finally, a favicon tweak.
2009-02-18 01:40:11 -06:00
Jacques Distler 4e14ccc74d Instiki 0.16.3: Rails 2.3.0
Instiki now runs on the Rails 2.3.0 Candidate Release.
Among other improvements, this means that it now 
automagically selects between WEBrick and Mongrel.

Just run

    ./instiki --daemon
2009-02-04 14:26:08 -06:00
Jacques Distler 1cdf0536c1 Fix BlahTeX/PNG
The BlahTeX/PNG code was busted by Revision 344.
Fixed now.
Ari better supply me with a test suite, so this doesn't happen again.
2009-01-27 11:35:05 -06:00
Jacques Distler 34fd7b425f Webs that Don't Allow File Uploads
... should still allow you to manually upload files
and have them render.

Fixed.
2009-01-26 01:39:04 -06:00
Jacques Distler 5d15e3f39d Security: Instiki 0.16.2
On Webs with file uploads enabled, uploaded files were stored
(in version 0.16.1 and earlier) in the public/ directory.

This was a security threat. A miscreant could upload a .html file.
When a user clicked on the link to the file, it was opened (unsanitized)
in the browser.

As of version 0.16.2, uploaded files are stored in the webs/
directory. Now, when the user clicks on the link, the file is sent
with the

    Content-Disposition: attachment

header set, which causes the file to be downloaded, rather than opened
in the browser. As always, files downloaded from the internets should be
treated with caution. At least, this way, they are not aoutomatically 
opened in the browser.

To move your existing uploaded files to the new location, do a

     rake upgrade_instiki
2009-01-26 00:21:30 -06:00
Jacques Distler 0b2a6935a2 Export XHTML Pages
When a Web uses one of the Markdown Text Filters, and you export
all the pages as a zip file, you'd like the MathML and SVG to
render when the pages are viewed locally. This means saving them
with a .xhtml extension. Users of non-XHTML-capable browsers or
Textile users should still get .html files.
2009-01-23 11:02:16 -06:00
Jacques Distler 4936bea13f Boneheaded
Remove some nonexistent callbacks, added in Revisions 265, 288.
2009-01-11 13:49:58 -06:00
Jacques Distler b9f5c32755 Cache file_list Action
Also, slightly smarter cache expiry, upon uploading/deleting a file.
2009-01-10 22:33:30 -06:00
Jacques Distler 8832dd3438 Version 0.16.1
Make this version (minimally) usable with Textile Markup:

   For Webs with "Textile", "RDoc" or "Mixed" markup option selected,
   send text/html instead of application/xhtml+xml. This makes this
   software minimally usable with those markup dialects.

"Markdown+itex2MML", "Markdown+BlahTeX/PNG" and "Markdown" should work
as before, sending application/xhtml+xml to capable browsers.

Bump the version number.
2009-01-04 16:40:50 -06:00
Jacques Distler bdcb506418 Two Bugs
1) Orphaned pages in a Category were not being listed correctly
2) "list" view was not being expired correctly on deletion of orphaned pages.
2009-01-01 02:38:12 -06:00
Jacques Distler b74d298196 Manage Uploaded Files
Allow alternate sort-orders (by filename, by date).
Restrict to files in the given Web.
2008-12-31 11:30:33 -06:00
Jacques Distler 1d3f7007c6 Manage Uploaded Files
A less abstruse interface for deleting files (this time, many at-a-shot).
Available from the Edit Web page.
2008-12-31 03:54:23 -06:00
Jacques Distler 5700d4513f Preliminary (?) Interface for Deleting Uploaded Files.
The simplest thing which could possibly work ...
2008-12-30 03:03:02 -06:00
Jacques Distler 1b8bf36702 Also Expire Caches
Removing orphaned pages, or deleting a Web should also expire all associated
caches.
2008-12-29 10:17:35 -06:00
Jacques Distler 397859ba8a Clean Deletions
Deleting a page removes all revisions of that page.
Deleting a Web removes all pages (and all revisions thereof)
  and all wiki_files belonging to that Web.
2008-12-28 21:36:37 -06:00
Jacques Distler 61c3fb1ab9 Bump Version Number
Version 0.16

Also, allow Includes of single-letter pages.
2008-12-24 13:11:53 -06:00
Jacques Distler 0c681c7775 Incorrect System Password on Create Web
Entering an incorrect password on the Create Web form should redirect
back to the form, with a flash error.

Fixed.
2008-12-21 15:41:35 -06:00
Jacques Distler 7828d79d35 Password Mismatch
When setting a password for a Web (on the "Edit Web" page),
ensure that the password matches. Previously, the "verify"
field was a placebo.
2008-12-20 17:54:54 -06:00
Jacques Distler 23e28f3702 Exports are expensive
Dnsbl filter them as well.
2008-12-17 00:26:52 -06:00
Jacques Distler a503e2b8ac Gentler
Be a little gentler in recovering from Instiki::ValidationErrors, when saving a page.
Previously, we threw away all the user's changes upon the redirect. Now we attempt
to salvage what he wrote.
2008-12-17 00:07:21 -06:00
Jacques Distler 5d2b0da4d5 Faster
Update dnsbl_check plugin to latest version.
Update Maruku to latest version.
In the wiki_controller, only apply the dnsbl_check before_filter 
  to the :edit, :new, and :save actions, instead of all actions.
  This makes mundane "show" requests faster, but does not 
  compromise spam-fighting ability.
2008-12-16 00:40:30 -06:00
Jacques Distler 3bef45277f Small Refactoring
Streamline check that non-idempotent actions are submitted via POST.
2008-12-14 23:29:40 -06:00