Commit graph

1291 commits

Author SHA1 Message Date
Jacques Distler 5c20871ec4 Remove last vestige of CGI.unescapeHTML 2009-01-10 02:00:26 -06:00
Jacques Distler b6fbf039f4 Ack! Try that again. 2009-01-10 00:38:00 -06:00
Jacques Distler 82e7aa52c7 Referring Pages for File List
For the file_list  action, include the pages which link to the given file(s).
This required rejiggering so that that information is actually retained in the database.
Unfortunately, you'll actually need to revise the page(s) in question, because that's the
only time this information is updated in the database.
2009-01-10 00:18:25 -06:00
Jacques Distler f456691609 Correct Type on file_list View 2009-01-08 20:44:22 -06:00
Jacques Distler 94476d9865 More Tests
Enable unit tests for the HTML5lib Sanitizer (used in the <nowiki>
environment).
2009-01-05 22:13:09 -06:00
Jacques Distler 52c1f74ecc Add a couple of XSS tests.
Some more tests from Clint Ruoho. The main branch of Instiki (and, I guess,
the old sanitizer) are vulnerable.

Also: under Ruby 1.8.x, CGI.unescapeHTML screws up horribly decoding NCRs
which represent high-bit ASCII characters. UTF-8 agrees with 7-bit ASCII,
but CGI.unescapeHTML doesn't seem to know that they disagree for i>127.
2009-01-05 16:25:27 -06:00
Jacques Distler 8832dd3438 Version 0.16.1
Make this version (minimally) usable with Textile Markup:

   For Webs with "Textile", "RDoc" or "Mixed" markup option selected,
   send text/html instead of application/xhtml+xml. This makes this
   software minimally usable with those markup dialects.

"Markdown+itex2MML", "Markdown+BlahTeX/PNG" and "Markdown" should work
as before, sending application/xhtml+xml to capable browsers.

Bump the version number.
2009-01-04 16:40:50 -06:00
Jacques Distler bdcb506418 Two Bugs
1) Orphaned pages in a Category were not being listed correctly
2) "list" view was not being expired correctly on deletion of orphaned pages.
2009-01-01 02:38:12 -06:00
Jacques Distler 074599fc9b Tweak Spam Patterns 2008-12-31 13:04:15 -06:00
Jacques Distler b74d298196 Manage Uploaded Files
Allow alternate sort-orders (by filename, by date).
Restrict to files in the given Web.
2008-12-31 11:30:33 -06:00
Jacques Distler 1d3f7007c6 Manage Uploaded Files
A less abstruse interface for deleting files (this time, many at-a-shot).
Available from the Edit Web page.
2008-12-31 03:54:23 -06:00
Jacques Distler 788d1eb075 Stylesheet Tweak
Make the "Delete File" link more visually distinct.
2008-12-30 10:20:43 -06:00
Jacques Distler 5700d4513f Preliminary (?) Interface for Deleting Uploaded Files.
The simplest thing which could possibly work ...
2008-12-30 03:03:02 -06:00
Jacques Distler 1b8bf36702 Also Expire Caches
Removing orphaned pages, or deleting a Web should also expire all associated
caches.
2008-12-29 10:17:35 -06:00
Jacques Distler 397859ba8a Clean Deletions
Deleting a page removes all revisions of that page.
Deleting a Web removes all pages (and all revisions thereof)
  and all wiki_files belonging to that Web.
2008-12-28 21:36:37 -06:00
Jacques Distler c3c33b68dd Multiple leading capital letters in a WikiWord
CMyApp  is a WikiWord (at least, on other Wiki systems, like TWiki).
Should allow that here

Also, choose a more obscure name for the thread-local variable tracking
included chunks.
2008-12-25 17:41:35 -06:00
Jacques Distler 96fea14d60 Recursive Includes 2008-12-24 20:43:47 +00:00
Jacques Distler 61c3fb1ab9 Bump Version Number
Version 0.16

Also, allow Includes of single-letter pages.
2008-12-24 13:11:53 -06:00
Jacques Distler 0f843bc537 Slicker
Clean up the recursive-include code a bit.
2008-12-24 11:09:05 -06:00
Jacques Distler 3a109d1c82 Thread Safety
Use "Thread.current[:included_by]" instead of  the Class variable,
"@@included_by".

The former will work on some newfangled multi-threaded Webserver stack,
which uses separate threads to handle multiple simlutaneous requests
(one request/thread). Dunno that the rest of the application is
thread-safe, but using a class variable, in this context, probably isn't.

Thanks to Sam Ruby for the suggestion.
2008-12-23 16:27:34 -06:00
Jacques Distler 1b54b695c3 Single Letter WikiLinks
Another request from the old (and apparently defunct) Instiki Bug Tracker:
allow single letter WikiLinks, e.g. "[[a]]". Requested by a Japanese user.

Fixed.
2008-12-22 23:57:21 -06:00
Jacques Distler 1192f70f44 @import In Published View
In the Stylesheet Tweaks, the owner of a Web can specify an @import rule
to pull in CSS styles form an external file. This worked in the "show"
view, but was broken in the "published" view.

Fixed.

Also, update a functional test to match Revision 313.
2008-12-22 12:19:18 -06:00
Jacques Distler 0c681c7775 Incorrect System Password on Create Web
Entering an incorrect password on the Create Web form should redirect
back to the form, with a flash error.

Fixed.
2008-12-21 15:41:35 -06:00
Jacques Distler 8373befa0b Tests for Recursive Include Fix 2008-12-21 13:31:59 -06:00
Jacques Distler 91eb8f5fbf Fix Recursive Includes
Another very amusing 3-year old bug from the main Instiki Bug Tracker
(don't they ever fix anything?): the chunk-handling code was supposed
to prevent recursive [[!include ...]] statements. Alas, instead of
actually preventing them it would -- when it encountered a recursive
include -- churn away until Rails ran out of stack space.

Fixed.
2008-12-21 02:47:45 -06:00
Jacques Distler dcd3e63ae8 Nowiki Include
Previously,
   <nowiki>[[!include foo]]</nowiki>
would produce some garbage, like
   chunk18226682includechunk
instead of the desired rendered text,
   [[!include foo]]

Fixed.
2008-12-20 23:24:50 -06:00
Jacques Distler 7828d79d35 Password Mismatch
When setting a password for a Web (on the "Edit Web" page),
ensure that the password matches. Previously, the "verify"
field was a placebo.
2008-12-20 17:54:54 -06:00
Jacques Distler 84756f889a Fix bug #17978. 2008-12-20 20:39:38 +00:00
Jacques Distler 1f816af24b Uploaded Pictures Should Display in "Published" Mode 2008-12-20 13:56:50 -06:00
Jacques Distler 5a86d874f7 Another Spam_patterns Tweak 2008-12-19 22:26:03 -06:00
Jacques Distler 3929fceaf8 Fix buglet in xhtmldiff
Fixes one of two formely broken unit tests.
2008-12-18 22:12:23 -06:00
Jacques Distler ad049bcc4b Drop hostname from cache key
By default, Rails will cache

    example.com/mywiki/show/SomePage
and
    www.example.com/mywiki/show/SomePage

In Instiki, this just leads to stale cached pages and frustration.
Fix that behaviour.
2008-12-18 09:21:26 -06:00
Jacques Distler 2ab04421a3 BlahTeX/PNG Support (from Ari Stern) 2008-12-17 23:42:28 -06:00
Jacques Distler 8eb59105ea Fix a Functional Test
For inexplicable reasons, this test passes on my system, even though (as
previously written) it shouldn't. Fixed now.
2008-12-17 14:11:14 -06:00
Jacques Distler f842013243 Require required?
At least on some systems (not mine), it seems to be.
2008-12-17 10:38:34 -06:00
Jacques Distler 05b76f7625 Philip Taylor Freakout Edition
Doubtless, he would have been fleetingly ecstatic.
Alas, he a) probably doesn't subscribe to the bzr feed,
and b) is probably asleep at the moment.
2008-12-17 01:42:24 -06:00
Jacques Distler 23e28f3702 Exports are expensive
Dnsbl filter them as well.
2008-12-17 00:26:52 -06:00
Jacques Distler a503e2b8ac Gentler
Be a little gentler in recovering from Instiki::ValidationErrors, when saving a page.
Previously, we threw away all the user's changes upon the redirect. Now we attempt
to salvage what he wrote.
2008-12-17 00:07:21 -06:00
Jacques Distler a769ef7a84 Fix some spam patterns
These either were causing, or were potential causes of false-positives.
2008-12-16 21:59:43 -06:00
Jacques Distler 5d2b0da4d5 Faster
Update dnsbl_check plugin to latest version.
Update Maruku to latest version.
In the wiki_controller, only apply the dnsbl_check before_filter 
  to the :edit, :new, and :save actions, instead of all actions.
  This makes mundane "show" requests faster, but does not 
  compromise spam-fighting ability.
2008-12-16 00:40:30 -06:00
Jacques Distler 9237858256 Tweak Diff View of HomePage 2008-12-15 16:31:39 -06:00
Jacques Distler 65c08e1090 Update SQLite3 Drivers
Update bundled drivers to version 1.2.4.
2008-12-15 14:45:15 -06:00
Jacques Distler 14561d998d A little whitespace cleanup in Views 2008-12-15 13:19:22 -06:00
Jacques Distler 3bef45277f Small Refactoring
Streamline check that non-idempotent actions are submitted via POST.
2008-12-14 23:29:40 -06:00
Jacques Distler 5d7d89d193 Fix Slowdown in Sanitizer Regexp
Deal with the issue:

   http://code.google.com/p/html5lib/issues/detail?id=83

by fixing a regexp used for sanitizing inline style attributes.
2008-12-09 08:54:35 -06:00
Jacques Distler 8f8c07505c Expire Pages that Include a Modified Page
Modifying a page should expire all pages that include it.
2008-12-09 03:33:53 -06:00
Jacques Distler 6e2d11e00d Don't Cache Pages With Flash Messages on Them
This was a long-standing annoyance. Fortunately, Rails 2.1 and later offers
a way to avoid it.
2008-12-09 02:20:59 -06:00
Jacques Distler 34fcd7943a Some Tests
Some functional tests for 'delete orphaned pages by category'.
2008-12-07 00:24:25 -06:00
Jacques Distler 3a78ef3dbf Delete Orphan Pages in Category
If a Web has categories defined, you can delete orphaned pages in a given category
(in addition to being able to delete all orphaned pages).
2008-12-06 16:11:47 -06:00
Jacques Distler 61799bc63f Delete_Web
Add a user interface to delete a Web.
2008-12-06 06:06:46 -06:00