Commit graph

203 commits

Author SHA1 Message Date
Jacques Distler ab7f429a10 Security: Enforce POSTs
Spammers can bypass form_spam_protect plugin by using GET instead of POST.

Fix this, by ensuring that unsafe operations are POSTs, rather than GETs.
2007-10-07 17:59:20 +00:00
Jacques Distler 10b0561aca Category lists and WikiReferences restrict to current Web.
Fix one sanitization test.
2007-09-28 03:57:52 +00:00
Jacques Distler a3d3f1c536 Fix XSS vulnerabilities in chunk-handling 2007-09-23 19:30:39 +00:00
Matt MacGillivray 36b86a9d41 Removed deprecation errors for rails 1.2.3. Corrected test case failures as a result of updated features and functionality 2007-05-07 22:46:00 +00:00
Jacques Distler 552cf4cff0 XSS Security fixes 2007-02-25 15:13:50 +00:00
Alexey Verkhovsky 4b29a843e5 Fixes #248 2006-09-07 04:07:51 +00:00
Alexey Verkhovsky 709d28dc4b /wiki/published renders a home page 2006-05-04 04:45:05 +00:00
Alexey Verkhovsky 5f3cf38851 Fixed connect_to_model filter extension in wiki_controller (using inheritance here was daft); accelerated tests somewhat 2006-03-24 07:53:20 +00:00
Alexey Verkhovsky 64313ca208 Fixing FileController#import; sort of works, but fails on some interesting tests 2006-03-23 07:14:51 +00:00
Alexey Verkhovsky d6fedc7f84 Converting linefeeds to Unix-style 2006-03-19 21:49:53 +00:00
Alexey Verkhovsky 6f0434bf83 All tests pass, including Watir suite 2006-03-19 07:54:54 +00:00
Alexey Verkhovsky 04b75e1684 2006-03-11 23:25:04 +00:00
Alexey Verkhovsky e44d16aef9 Fixed rendering of Recently Revised 2006-03-11 22:59:55 +00:00
Alexey Verkhovsky f8b3e2b11d See Changes as a separate page (still implemented within show and revision actions) 2006-03-11 22:10:32 +00:00
Alexey Verkhovsky c435bf2f2b [FIXES BUILD] Further improvement to diff.rb (I hope not to touch this beast again any time soon); See Changes ripped out from WikiController#show, will become a separate action 2006-03-11 21:27:49 +00:00
Alexey Verkhovsky 01c9636ffd More goodness to lib/diff.rb! 2006-01-23 06:57:19 +00:00
Alexey Verkhovsky 3ea1ef881f Refactoring and deleting unused code from lib/diffr.rb until I can understand what it says. Also fixes #256. The build is still broken. 2006-01-22 21:40:20 +00:00
Alexey Verkhovsky 60c07ca1a2 wiki_references fixture (fixed #275) 2005-12-30 08:49:15 +00:00
Alexey Verkhovsky 9b87b1f85f Fixed a broken func. test for FileController 2005-12-30 08:42:06 +00:00
Alexey Verkhovsky 0b1a80a852 [BUILD STILL BROKEN] File uploads roughly speaking work (to about same extent as in 0.10) 2005-11-14 08:38:37 +00:00
Alexey Verkhovsky 8bdee631f6 [BREAKS BUILD] Some work on File uploads, half-done, committing as a backup 2005-11-13 13:37:47 +00:00
Alexey Verkhovsky a61c11854d Always check that the rendering output is well-formed 2005-11-13 09:27:55 +00:00
Alexey Verkhovsky dea8d70c48 Improved behavior of JavaScript in the author field [from I2 patch by court3nay] 2005-11-04 05:23:34 +00:00
Alexey Verkhovsky 26a5338764 FIX BUILD 2005-11-02 05:59:49 +00:00
Alexey Verkhovsky 3703c1e1b3 Upgrade to Rails 0.14.2; fixed a failing functional test 2005-11-02 04:55:06 +00:00
Alexey Verkhovsky af25237a90 Render HTML pages for ExportHTML 'manually' 2005-10-27 05:29:24 +00:00
Alexey Verkhovsky 50b2cbd693 Fix to #255 - Author cookie expiry 2005-10-20 01:18:15 +00:00
Alexey Verkhovsky 9ea6e6ae65 Downgrading RedCloth back to 3.0.3 (3.0.4 is said to be buggy) 2005-09-28 04:12:11 +00:00
Alexey Verkhovsky 223a1f9de3 Speeding up some stuff 2005-09-27 13:46:02 +00:00
Alexey Verkhovsky 4c14f07100 Fixed caching of RSS feeds; changed from caches_page to caches_action to make authentication and other filters work 2005-09-12 01:12:00 +00:00
Alexey Verkhovsky c4f593151e [FIXES BUILD] Fixed categories behavior and added id generation in import_storage. Something is still wrong with orphaned pages though 2005-09-11 16:49:08 +00:00
Alexey Verkhovsky 32d238098e Taking care of svn adds and svn deletes for the last 24 hours or so. Boo on me! 2005-09-11 14:03:08 +00:00
Alexey Verkhovsky 541a5d3994 Deleted all references to PageRenderer from PageSet selectors; using wiki_references instead 2005-09-11 08:05:19 +00:00
Alexey Verkhovsky bec3c98227 Moved the last unit test where it belongs 2005-09-11 06:28:59 +00:00
Alexey Verkhovsky 6ff74f6b5a Update wiki_references to a newly created page from 'W' to 'L' 2005-09-11 06:15:59 +00:00
Alexey Verkhovsky 0c6626c375 Corrected WikiReference::link_type when a newly created page refers to itself (should be 'L', not 'W') 2005-09-11 05:59:21 +00:00
Alexey Verkhovsky cd68db01d2 Store wiki references found during rendering 2005-09-11 05:44:34 +00:00
Alexey Verkhovsky bfecd09b56 Fixed includes; started working on caching strategy 2005-09-11 04:23:50 +00:00
Alexey Verkhovsky 70fa15e3f3 Continue extracting URL generation logic from model classes 2005-09-10 11:07:40 +00:00
Alexey Verkhovsky 7e500dfe57 Controllers create renderer objects and pass them on to page.revise and page.rollback methods 2005-09-10 06:12:57 +00:00
Alexey Verkhovsky 427f989d69 Extracted rendering logic from the model 2005-09-09 05:31:27 +00:00
Alexey Verkhovsky 829d54a368 Fixed functional tests 2005-09-09 03:23:33 +00:00
Alexey Verkhovsky e5b7037259 Small correction to the last commit 2005-08-18 03:35:25 +00:00
Alexey Verkhovsky 64dae975ae Patch for Watir test from Bret Pettichord 2005-08-18 03:22:18 +00:00
Ben Bleything b29c59e470 Line ending cleanup. Most of these are svn propsets which should make
the files check out appropriately in the future.  The three files in
app/models had inconsistent line endings, so they had to be fixed by
hand.
2005-08-15 19:17:32 +00:00
Alexey Verkhovsky 5b075ca338 Renamed revised_on to revised_at everywhere (for consistency) 2005-08-14 23:27:55 +00:00
Alexey Verkhovsky d24cf7c8e1 Fixed continuous revision check 2005-08-14 23:09:10 +00:00
Alexey Verkhovsky 052754b068 Dropped number from revision table. Also dropped timestamp. We will rely on autoincremented ID for sorting, and will for now store the time of last edit of the revision in revised_at. Later we will refactor content into a separate table (so as not to load the whole 300 kb of text and cached HTML every time we need page.revisions in code). Rake tests all pass, but watir tests indicate that some revision traversing links are still broken 2005-08-14 22:26:54 +00:00
Alexey Verkhovsky 476d7810f6 Added Revision.timestamp attribute, which is a timestamp to the precision of msec. Intention is to get rid of the revision.number and use this one for sorting etc. The problem with created_at / updated_at in this role is that they have precision of seconds, which is not good enough for some of the purposes. 2005-08-14 18:58:36 +00:00
Alexey Verkhovsky 4f7e5bca30 Changes in Watir test to accommodate the AR backend 2005-08-14 04:06:31 +00:00