Commit graph

137 commits

Author SHA1 Message Date
Jacques Distler
37a8f30ded Whoops! Make Sure Instiki Works with Vendored Rack 2009-09-05 02:44:19 -05:00
Jacques Distler
4bdf703ab2 Instiki 0.17.2: Security Release
This release upgrades Instiki to Rails 2.3.4, which
patches two security holes in Rails. See

  http://weblog.rubyonrails.org/2009/9/4/ruby-on-rails-2-3-4

There are also some new features, and the usual boatload
of bugfixes. See the CHANGELOG for details.
2009-09-05 02:01:46 -05:00
Jacques Distler
664552ac02 Rails 2.3.3.1
Update to latest Rails.
A little bit of jiggery-pokery is involved, since they
neglected to re-include vendored Rack in this release.
2009-08-04 10:16:03 -05:00
Jacques Distler
698daecf0e Maruku "Email" Header Detection
The Regexp, used in Maruku to detect "email"
headers (used, e.g., for S5 slideshow metadata)
could, for some inputs, interact badly with
Instiki's Chunk Handler.
Fixed.
2009-07-13 23:59:09 -05:00
Jacques Distler
ef5878cf11 Put class name on <pre>, rather than <code>
Better CSS styling options ensue, if we put
the class='lang' on the <pre> element.

(Suggested by Casper Gripenberg)
2009-07-06 15:30:35 -05:00
Jacques Distler
7448b7981b Minor fixes
1) WEBrick should respond to TERM signals
(needed by MacOSX and, perhaps, others).
2) HTTP redirects for redirected pages should be 301's.
3) Add a flash message for redirection to "new" page
when the target of "show" action is not found.
2009-06-14 22:55:41 -05:00
Jacques Distler
a84648cff1 Fix Maruku Escaping Bug
Sync with latest Maruku (now on github).
lib/maruku/ext/math/mathml_engines/none.rb should
HTML-escape the TeX source code. No it does.
2009-05-13 01:27:39 -05:00
Jacques Distler
ec7141942b Instiki 0.16.6
Fix an incompatiblity between form_spam_protect and IE7.
(Thanks to Jason Blevins)
Roll a new version.
2009-05-08 16:13:25 -05:00
Jacques Distler
681065631c Add Support for SVG Clipping Paths
Add support in the sanitizer for <clipPath>, @clip-path and @clip-rule.
Suggested by Andrew Stacey.
2009-05-07 16:53:56 -05:00
Jacques Distler
e33ccad293 Remove list.dsbl.org
The dnsbl list at list.dsbl.org is defunct.
Also: a Ruby 1.9 compatiblity tweak for Maruku.
2009-05-03 00:57:07 -05:00
Jacques Distler
d425a70fad Yikes!
Yet more dangerously greedy Regexps in Maruku,
and one of my own.
2009-03-27 09:25:08 -05:00
Jacques Distler
7403ea6a6b Don't be greedy!
Maruku uses greedy Regexps in a number of places, which,
in unfavourable circumstances, can lead to exponential
slowdowns (an apparent hang).

We worked around one such bug in Revision 355. Recently,
Toby Bartels found another (in Table Header parsing).
The "real" solution seems to be to make sure the Regexps
are not greedy. (Thanks to Sam Ruby for spotting the problem!)

Reverted the workaround in Revision 355, fixed Toby's
bug, and several other similar Regexps.
2009-03-27 02:44:49 -05:00
Jacques Distler
e2ccdfd812 Instiki 0.16.5
Update to Rails 2.3.2 (the stable Rails 2.3 release).
Add audio/speex support
Update CHANGELOG
Bump version number
2009-03-16 09:55:30 -05:00
Jacques Distler
5e7d2cf973 Rails 2.3.1
Update to the release version of Rails 2.3.1.
2009-03-05 07:54:17 -06:00
Jacques Distler
c7418af48d Support for HTML5 <audio>
As with <video>,

   [[foo.wav:audio]]

works now, producing an HTML5 <audio> element.
2009-03-03 12:17:14 -06:00
Jacques Distler
8ea8b6a8f7 <video> and x-sendfile
Using <object> and <embed> were forbidden for obvious
security reasons. Instiki now permits embedding video
via the HTML5 <video> element (Ogg/Theora encoded videos
only, with .ogg or .ogv extensions). You can even upload
videos with

    [[foo.ogg:video]]

Instiki now support x-sendfile. See the Proxying page for
configuring Apache (with the x-sendfile module). Lighttpd
should work similarly.

Update Rails to latest Edge (hopefully converging on RC2!).
2009-03-02 02:32:25 -06:00
Jacques Distler
133c21b801 Bugfixes and Rails Edge
Update to Rails 2.3.1.
  (Actually, not quite. Doesn't look like 2.3.1 will be released
   today, but I REALLY want to push these bugfixes out.)
Removed bundled Rack (Rails 2.3.1 comes bundled with Rack 1.0).
Add
     config.action_view.cache_template_loading = true
  to production environment.
Fix FastCGI bug (http://rubyforge.org/tracker/index.php?func=detail&aid=24191&group_id=186&atid=783).
Fix WikiWords bug (http://rubyforge.org/pipermail/instiki-users/2009-February/001181.html).
2009-02-27 19:23:00 -06:00
Jacques Distler
0ddef97328 Fix Caching Problem in 0.16.3
This fixes the caching problem

  http://golem.ph.utexas.edu/instiki/show/Known+Bugs?rev=13#Caching

which afflicts some installations of 0.16.3. With the patch, it's no
longer necessary that the Instiki directory be owned by the instiki
user (yay!).
2009-02-18 22:22:18 -06:00
Jacques Distler
7f2b16e78d File Upload Fixes
Dunno why this was buggered again. ":back" doesn't seem to function as it used to.
Also, when uploading a file from page "foo", it's important to return to "foo" after
a successful upload, rather than redirecting to the HomePage.

Finally, a favicon tweak.
2009-02-18 01:40:11 -06:00
Jacques Distler
53751a61f0 Fix Maruku Hanging Bug
A Maruku-syntax <div> with an unclosed IAL (and, it seems, at least one equation)
would cause Instiki to hang. Badly. Requiring a 'kill -9' to terminate it.
Reverting the OpenDiv and CloseDiv Regexps to my, more simple-minded, versions
fixes the problem.
2009-02-09 22:20:34 -06:00
Jacques Distler
4e14ccc74d Instiki 0.16.3: Rails 2.3.0
Instiki now runs on the Rails 2.3.0 Candidate Release.
Among other improvements, this means that it now 
automagically selects between WEBrick and Mongrel.

Just run

    ./instiki --daemon
2009-02-04 14:26:08 -06:00
Jacques Distler
b80995dbdc Equation Numbering in Maruku+itex2MML
This was spooged by Revision #263 (to accommodate) BlahTeX/PNG support.
Hopefully this way will work in both modes.
2009-01-24 11:40:53 -06:00
Jacques Distler
52c1f74ecc Add a couple of XSS tests.
Some more tests from Clint Ruoho. The main branch of Instiki (and, I guess,
the old sanitizer) are vulnerable.

Also: under Ruby 1.8.x, CGI.unescapeHTML screws up horribly decoding NCRs
which represent high-bit ASCII characters. UTF-8 agrees with 7-bit ASCII,
but CGI.unescapeHTML doesn't seem to know that they disagree for i>127.
2009-01-05 16:25:27 -06:00
Jacques Distler
3929fceaf8 Fix buglet in xhtmldiff
Fixes one of two formely broken unit tests.
2008-12-18 22:12:23 -06:00
Jacques Distler
5d2b0da4d5 Faster
Update dnsbl_check plugin to latest version.
Update Maruku to latest version.
In the wiki_controller, only apply the dnsbl_check before_filter 
  to the :edit, :new, and :save actions, instead of all actions.
  This makes mundane "show" requests faster, but does not 
  compromise spam-fighting ability.
2008-12-16 00:40:30 -06:00
Jacques Distler
65c08e1090 Update SQLite3 Drivers
Update bundled drivers to version 1.2.4.
2008-12-15 14:45:15 -06:00
Jacques Distler
5d7d89d193 Fix Slowdown in Sanitizer Regexp
Deal with the issue:

   http://code.google.com/p/html5lib/issues/detail?id=83

by fixing a regexp used for sanitizing inline style attributes.
2008-12-09 08:54:35 -06:00
Jacques Distler
7e66134e2f Update Maruku Author List
Yay, me!
2008-12-05 12:31:44 -06:00
Jacques Distler
11930dfabd Update HTML5lib Sanitizer Test, Accordingly 2008-12-01 14:11:57 -06:00
Jacques Distler
af8157130a Clarify form_spam_protection Error Message
You need cookies enabled, too (since Instiki stores session data in a cookie).
2008-11-30 17:44:21 -06:00
Jacques Distler
620052a5ba Whoops!
As usual, forgot to 'bzr add' these.
Completes the upgrade to Rails 2.2.2.
2008-11-24 16:19:37 -06:00
Jacques Distler
2e81ca2d30 Rails 2.2.2
Updated to Rails 2.2.2.
Added a couple more Ruby 1.9 fixes, but that's pretty much at a standstill,
until one gets Maruku and HTML5lib working right under Ruby 1.9.
2008-11-24 15:53:39 -06:00
Jacques Distler
bceb1864df Fixes
Fix Session CookieOverflow bug when rescuing an InstikiValidation error.
Fix some random things which will cause problems with Ruby 1.9. (Plenty
more where those came from.)
2008-11-05 22:24:14 -06:00
Jacques Distler
7600aef48b Upgrade to Rails 2.2.0
As a side benefit, fix an (non-user-visible) bug in display_s5().
Also fixed a bug where removing orphaned pages did not expire cached summary pages.
2008-10-27 01:47:01 -05:00
Jacques Distler
39348c65c2 Make Andrea Happy
Use a counter, instead of rand() to aid in generating unique IDs in Maruku.
Add Unit test for the Theorem Environment.
2008-10-25 00:52:59 -05:00
Jacques Distler
e48b000c11 Tweak from Ari Stern
Match Maruku Revision 184: change wrapper for embedded TeX in display equation from
a <div> to a <span>.
2008-10-23 22:44:53 -05:00
Jacques Distler
0fdb13b257 Whoops! Forgot one.
This fixes LaTeX output for Theorem cross-refs.
2008-10-21 00:26:31 -05:00
Jacques Distler
8d1d8a5693 Security: Response Splitting
Apply a patch to close the Response Splitting vulnerability in Rails.
See

   http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk
2008-10-20 14:22:17 -05:00
Jacques Distler
2fb41f12ce Automatic Theorem Numbering
Can now refer to numbered theorems by \ref{...}, as in LaTeX
2008-10-20 00:24:22 -05:00
Jacques Distler
da81a2fbdb Fix bug in IAL detection in maruku/ext/div.rb 2008-10-17 22:34:16 -05:00
Jacques Distler
34082fbf94 Theorem Environments
Implement amsthm-like Theorem environments with Maruku.
Support is based on Maruku "div"s with special class-names.
Classes
    num_*
produce numbered environments, and

    un_*

produce un-numbered environments, where * is one of

   theorem     (for Theorem)
   lemma       (for Lemma)
   prop        (for Proposition)
   cor         (for Corollary)
   def         (for Definition)
   example     (for Example)
   remark      (for Remark)
   note        (for Note)

In addition, the class

   proof

produces a Proof environment.

The LaTeX export works as expected, and these also work in the S5 view.

Bumped version number.
2008-10-17 16:26:17 -05:00
Jacques Distler
6f3e9a9e17 Enable Maruku div Markdown extension 2008-10-15 10:29:35 -05:00
Jacques Distler
d4f97345db Rails 2.1.1
Among other things, a security fix.
2008-09-07 00:54:05 -05:00
Jacques Distler
37aff87d71 Sync with latest Maruku
Contains Ari Stern's additions for Blahtex support.
2008-08-05 13:18:23 -05:00
Jacques Distler
e1c7d035c9 Some more SVG attributes for the sanitizer
From Sam Ruby.
2008-07-28 10:57:55 -05:00
Jacques Distler
c427807274 Blahtex
Sync with latest Maruku.
Pave the way for Blahtex (PNG-based math) support (from Ari Stern).
   (no visible functionality, yet, but that will come)
2008-07-26 04:14:41 -05:00
Jacques Distler
4e3aefd9d3 Cleanup: Remove some .gitignore files
These crept into the distribution.
2008-06-02 08:13:53 -05:00
Jacques Distler
516d6dfac0 Rails 2.1
Update to Rails 2.1 final.
2008-06-02 01:35:38 -05:00
Jacques Distler
800880f382 Rough In New Sanitizer
Start work (which may not pan out) on a new sanitizer. Right now, it passes
all but 1 of the HTML5lib Sanitizer's unit tests. But it doesn't do much
of anything to ensure well-formedness. This is not an issue for Maruku-processed
content, but it is a concern for <nowiki> blocks.

(One solution would be to use the HTML5lib parser on <nowiki> blocks.)

In any case, this baby is 3 times as fast as the HTML5lib sanitizer.
2008-05-20 17:02:10 -05:00
Jacques Distler
5292899c9a Rails 2.1 RC1
Updated Instiki to Rails 2.1 RC1 (aka 2.0.991).
2008-05-17 23:22:34 -05:00