Jacques Distler
3ce0b98d99
File Security Redux.
...
Hopefully, this will fix the world-writable-files problem with Rails, once and for all.
2007-03-31 10:06:51 -05:00
Jacques Distler
19889c98d4
Safari's DOM support in XHTML is horribly broken. Send it S5 slideshows as text/html. (Sorry: no inline SVG for you!)
...
Turn on Maruku's Math support in S5 slideshows, only if corresponding Web is Math-enabled.
2007-03-30 12:25:59 -05:00
Jacques Distler
0db06a9fa3
To be really XML-safe, don't emit XHTML+MathML named entities. (Ported MathML::Entities to Ruby.)
2007-03-29 03:30:10 -05:00
Jacques Distler
9b9d134ad9
Fix upgrade to Rails 1.2.3.
...
Fix log-rotation (the previous attempt didn't quite work as advertised).
2007-03-21 15:37:29 -05:00
Jacques Distler
7adac51d6d
Sync with latest Instiki trunk. Changes:
...
1) Upgrade Rails to 1.2.3
2) Revert RedCloth to previous version (who %#$@ cares?)
3) Preserve the Rails Security fix to vendor/rails/actionpack/lib/action_controller/caching.rb from Revision 80.
2007-03-18 11:56:12 -05:00
Jacques Distler
ff3e03a45a
Switched from XHTML+MathML to XHTML+MathML+SVG DOCTYPE. Silly, I know ...
2007-03-16 01:10:52 -05:00
Jacques Distler
f92ed693c0
Log rotation. By default, we now use the standard Ruby Logger class to rotate the Instiki logfile.
...
This works fine with the default Webrick. But, if you're running under Mongrel (say), you probably
want to customize this in config/environments/production.rb .
2007-03-13 14:54:43 -05:00
Jacques Distler
c704f899af
File uploads now work.
2007-03-10 22:31:24 -06:00
Jacques Distler
234d5d82f0
S5 views are now visible on a published Web.
...
Another improvement from Jason Blevins.
2007-03-10 18:56:33 -06:00
Jason R. Blevins
e2b93c9e29
Made S5 view publicly viewable for published webs.
...
Added an S5 view link to the bottom of the published view page.
2007-03-10 18:03:40 -05:00
Jacques Distler
8c0b3b3d2c
Methods in WikiReferences now restrict themselves (properly) to the current Web.
...
Fix from Jason Blevins.
2007-03-10 17:00:24 -06:00
Jason R. Blevins
12743280fb
All WikiReference methods now limit results to the current web.
...
Category lists are now restricted to the current web.
2007-03-10 16:09:20 -05:00
Jacques Distler
626c135d1e
Security: ensure file upload directory is not world-writable.
...
(There still seem to be bugs in the file upload function.)
2007-03-10 11:26:30 -06:00
Jacques Distler
46a456b3ad
Security: ensure that the file system cache is not world-writable
2007-03-10 11:05:52 -06:00
Jacques Distler
4ae46b32d8
Sync with latest maruku.
2007-03-10 02:06:54 -06:00
Jacques Distler
144540a761
Fixed caching bug with category 'list' and 'recently_revised' views.
...
Re-enabled filesystem caching.
2007-03-10 00:18:18 -06:00
Jacques Distler
edf335060a
Fix new.rhtml
2007-03-09 08:28:19 -06:00
Jacques Distler
db76c79cfb
Whoops! harmless typo.
2007-03-09 08:04:24 -06:00
Jacques Distler
46e78c2317
Sync with latest Instiki trunk (to the extent that the bizarre stuff being committed there makes any sense).
2007-03-08 22:35:49 -06:00
Jacques Distler
a656772622
Deal with clients that don't send an HTTP_ACCEPT header.
...
Cache S5, TeX and Print views.
Temporary hack: don't cache list and recently_revised pages.
2007-03-08 21:57:21 -06:00
Jacques Distler
d74116dc67
Ensure that input is bona fide utf-8.
2007-03-07 21:06:39 -06:00
Jacques Distler
8300133c8d
Sync with latest Maruku.
2007-03-07 12:49:06 -06:00
Jacques Distler
7b1c7c0da6
S5 CSS tweak: .incremental code.
2007-03-06 00:30:12 -06:00
Jacques Distler
7cfa9bf1ba
Page footer now includes link to my branch of Instiki.
2007-03-05 09:32:53 -06:00
Jacques Distler
cf525b8bb9
Zap gremlins in author names.
2007-03-04 22:56:52 -06:00
Jacques Distler
541ef91df4
Update to latest Maruku. Fixes alt text bug.
2007-03-04 15:32:21 -06:00
Jacques Distler
632a9d90fc
Another S5 stylesheet tweak.
2007-03-04 14:06:53 -06:00
Jacques Distler
aed5c10c70
More S5 tweaks: incremental builds for definition-lists and some CSS tweaks.
2007-03-04 02:01:36 -06:00
Jacques Distler
6f81cb1207
Fix well-formedness issue in rollback.rhtml and validity in that and edit.rhtml.
2007-03-02 18:46:40 -06:00
Jacques Distler
43dbd8712e
Another tweak to Maruku's S5 output (IE compatibility).
2007-03-02 08:26:37 -06:00
Jacques Distler
5a352d0f5e
Sync with latest Maruku.
2007-03-01 22:46:49 -06:00
Jacques Distler
6ee59e7e49
More S5 tweaks.
2007-03-01 15:15:41 -06:00
Jacques Distler
e93cedb155
Fixed S5 page numbering.
2007-03-01 11:15:45 -06:00
Jacques Distler
6a7645c45c
Fixed inline SVG in S5.
...
More S5 Stylesheet tweaks.
2007-03-01 10:50:06 -06:00
Jacques Distler
41ff4724b8
Converging on S5 support.
2007-03-01 03:05:35 -06:00
Jacques Distler
02c6ed2fa0
More progress on S5.
...
Forgot to add gremlin zapping in app/views/wiki/edit.rhtml.
2007-02-28 18:38:52 -06:00
Jacques Distler
8359047fd5
Start on adding S5 support to Instiki.
2007-02-28 13:31:34 -06:00
Jason R. Blevins
b65a5b8e30
Bug fix. Previously, all categories were visible from all webs. Now category lists are restricted to the current web.
2007-02-27 22:27:20 -05:00
Jacques Distler
f208d50032
Bah!
2007-02-24 23:07:25 -06:00
Jacques Distler
507a17aade
More lenient URI scheme matching in sanitize.
2007-02-24 22:47:31 -06:00
Jacques Distler
f9dcfa5af0
Make list of attributes whose values are scanned for acceptable URI schemes customizable.
2007-02-24 11:55:40 -06:00
Jacques Distler
59c64439d8
More unit tests.
2007-02-24 00:41:35 -06:00
Jacques Distler
fff30ec27f
Whoops! Forgot a test.
2007-02-23 15:09:12 -06:00
Jacques Distler
d8e06f6db9
Sanitize URI schemes.
2007-02-23 13:34:58 -06:00
Jacques Distler
4c903d6a77
Renamed sanitize unit test file.
2007-02-23 11:57:39 -06:00
Jacques Distler
e179508377
Sanitization now preserves case-sensitive element and attribute names (necessary to support SVG).
...
Unit tests, galore.
2007-02-23 11:32:06 -06:00
Jacques Distler
2fa1e08c96
Tweak dependencies of sanitize.rb
2007-02-22 01:16:18 -06:00
Jacques Distler
bacae2c468
Finally! XSS-protection, done right.
...
If you want something done right, ...
2007-02-22 01:06:53 -06:00
Jacques Distler
0aafedb2df
More XSS fixes.
...
Started fixing file uploads.
2007-02-21 12:10:47 -06:00
Jacques Distler
59adca44cc
Make error documents XHTML.
2007-02-20 17:42:56 -06:00