Commit graph

1366 commits

Author SHA1 Message Date
Matthias Tarasiewicz
5e095d59cb finally removed pdf and latex export which caused the export button to fail with mongrel. PDF export will be added later on without pdflatex. 2007-10-14 14:11:37 +00:00
Jacques Distler
198d7847bd Performance
My REXML::Element.to_ncr (and REXML::Element.to_utf8) is horribly slow. For long documents, it proves more efficient to serialize to a string, apply String.to_ncr (or String.to_utf8) and then Sanitize the string.
2007-10-13 16:32:04 -05:00
Jason Blevins
1cc2043cf6 Sync with trunk 2007-10-12 12:53:43 -04:00
Jacques Distler
0eb1ab56b0 More LaTeX Macros
Put in dummy macros for \statusline and \toggle.
Added colour definitions for HTML named colours.

Remaining  unimplemented:

   \color{#HHH} and \color{#HHHHHH}
   \bgcolor
   \array
   \righttoleftarrow
   \lefttorightarrow
2007-10-11 11:30:17 -05:00
Jacques Distler
148afb77e0 Sync with latest Maruku
Apparently, Maruku had trouble with the latest release of Ruby (1.8.6, patchlevel 110). This should fix it.
2007-10-10 22:06:44 -05:00
Jacques Distler
5dd75d4cb0 File Upload Links
I like this a little better.
2007-10-09 23:56:55 -05:00
Jason Blevins
f785655a59 Sync with trunk 2007-10-09 20:02:02 -04:00
Jacques Distler
fbdf4c5dfe Fix Broken Test
Was not picking up user-supplied alt text in [[filename|Alt text:pic]].
Fixed.
2007-10-09 11:02:44 -05:00
Matthias Tarasiewicz
806a1fc682 added /tmp folder plus structure to make instiki work with mongrel_cluster 2007-10-09 15:13:22 +00:00
Jacques Distler
402de89abf Tests for Rev 171
One test is still broken. Will fix.
2007-10-09 03:16:07 -05:00
Jacques Distler
0eb723e125 Accessibility: Use Uploaded File Descriptions
The file upload dialog asks for a description of the image or file to be uploaded. Use this as the default alt-text for the image and as a title attribute for a file link.
2007-10-09 02:51:38 -05:00
Jacques Distler
5cbdccec2a MIME-Types for WEBrick 2007-10-08 04:16:31 +00:00
Jason Blevins
957f0e5721 Sync with trunk 2007-10-07 16:10:43 -04:00
Jacques Distler
ab7f429a10 Security: Enforce POSTs
Spammers can bypass form_spam_protect plugin by using GET instead of POST.

Fix this, by ensuring that unsafe operations are POSTs, rather than GETs.
2007-10-07 17:59:20 +00:00
Jacques Distler
179a0a9cb2 Might as well
Spammers aren't an issue here, but might as well enforce that these actions are POST-only, too.
2007-10-07 03:33:15 -05:00
Jacques Distler
2484542f12 Security: HTTP GET Bypassed Spam Protection
Apparently, the form_spam_protect plugin only works with HTTP POST, not GET.
Unsafe operations (save and file-upload) should be POSTs anyway.
Fixed.

Also, two broken tests fixed. Only two Unit Tests now fail: both are minor bugs in XHTMLDiff.
2007-10-07 01:59:50 -05:00
Jacques Distler
be8bb3d06d InterWeb Links
From Jason Blevins:  [[Web Name:Page Name]] or [[Web Name:Page Name|alternate label]] produce inter-Web links on the same Instiki installation.
2007-10-06 16:04:11 -05:00
Jacques Distler
55fdc9fff4 Sync with latest HTML5lib 2007-10-06 11:55:58 -05:00
Jason Blevins
e5f882d800 Applied URI chunk changes 2007-10-06 09:12:24 -04:00
Jason Blevins
c1be34abcd Support for InterWeb Links 2007-10-06 09:06:55 -04:00
Jacques Distler
3a3cfeaa9b Drop URI Chunk-handling
The URIChunk and LocalURICunk handlers were

1) Slow
2) Buggy (prone to produce ill-formed pages in edge cases)
3) Of dubious utility

So I ditched them. No auto-linked URLs, but who cares?
2007-10-05 16:25:41 -05:00
Jason Blevins
8cdcbff13e Merge with latest trunk 2007-10-04 22:54:36 -04:00
Jacques Distler
f0090cf4ab Whoops!
Committed the wrong version of tex.rhtml. This is the right one.
2007-10-04 15:46:20 -05:00
Jacques Distler
4be4125861 Remaining LaTeX macros
Added the remaining LaTeX macros from our list.
What remains is to decide on how to resolve the conflicting definitions of

   \binom{}{}

and to supply suitable characters for

   \righttoleftarrow
   \lefttorightarrow

The plain TeX syntax {A \over B} is unsupported (passed through verbatim, and will cause a LaTeX error).
2007-10-04 13:43:57 -05:00
Jason Blevins
bcfa5b1f31 First commit of new Latex macros. 2007-10-04 09:55:11 -04:00
Jacques Distler
986c21527a First Batch of LaTeX Macros
The first, uncontroversial, batch of LaTeX macros from Jason Blevins.
2007-10-04 03:16:45 -05:00
Jacques Distler
c67382d340 Start on LaTeX
Pave the way for Jason's LaTeX macro support.
Also, uniformize the capitalization of "ETag".
2007-10-04 02:50:08 -05:00
Jason Blevins
5b4936948b Merged Jacques Distler's latest changes. 2007-10-02 09:56:56 -04:00
Jacques Distler
b0e316e37c Minor Fixes
Get rid of Redefined CONSTANT warning.
Make WEBrick respond to TERM signal. (Launchd, in particular, requires this.)
Rollback superfluous change to rails/actionpack/lib/action_controller/base.rb. Handled by the action_cache plugin.
2007-10-01 22:09:51 -05:00
Matthias Tarasiewicz
4199843e08 changing back some 'require_dependency' to 'require' since it is not needed for all (info from jacques distler) 2007-09-28 08:40:24 +00:00
Jacques Distler
10b0561aca Category lists and WikiReferences restrict to current Web.
Fix one sanitization test.
2007-09-28 03:57:52 +00:00
Jacques Distler
3b6523b4f4 rel=nofollow
A little search engine optimization.
2007-09-27 20:04:27 -05:00
Matthias Tarasiewicz
2cd2b2746e change of 'require_dependencies' to 'require' which should fix the 'superclass mismatch error' that occurred. 2007-09-27 06:09:58 +00:00
Jacques Distler
a3d3f1c536 Fix XSS vulnerabilities in chunk-handling 2007-09-23 19:30:39 +00:00
Jacques Distler
06d96349e4 Don't stomp on test/fixtures, when dumping the database to YAML
Tweak the manage_fixtures plugin to use the dump/fixtures instead of test/fixtures directory.
2007-09-23 01:50:40 -05:00
Jacques Distler
1259e16a4a A Couple of Unit Tests 2007-09-23 00:03:58 -05:00
Jacques Distler
e8769c0b83 Add the manage_fixtures plugin for easy database migration 2007-09-20 00:36:07 -05:00
Jason Blevins
8d48dd88fe Sync with latest trunk 2007-09-19 13:53:22 -04:00
Jacques Distler
c54a78c026 Links in Published Webs
Links in published Webs (in particular, the author-link) should be to the published version of the page.
2007-09-15 14:39:28 -05:00
Jacques Distler
4144aa2c98 Can't. Stop. Tweaking. Themes. 2007-09-15 11:40:48 -05:00
Jacques Distler
2c4473a0e9 S5 Slide notes
Slide notes are now served correctly (as application/xhtml+xml) to compatible
browsers. So you can put math in your notes, and the MathML will render.

We don't do real content-negotioation. IE gets text/html; everyone else gets application/xhtml+xml.
2007-09-15 00:29:20 -05:00
Jacques Distler
08857ebe8e Fix Markdown (non-math) Engine, Tweak Themes
More tweaks to the supplied S5 themes.
Fixed a minor regression in the non-Math Markdown engine.
2007-09-14 18:09:24 -05:00
Jason Blevins
ee22cdf75e Use Standard PageRenderer for S5 Content 2007-09-14 13:10:12 -04:00
Jacques Distler
54aada824c Use Standard PageRenderer for S5 Content
From Jason Blevins: use the standard PageRenderer class to render S5 content. This way, WikiWords (etc) are processed in S5 slideshows.
2007-09-14 10:43:03 -05:00
Jason Blevins
61b7168d7a Fixed regular expression to pick up S5 theme. 2007-09-13 20:41:39 -04:00
Jason Blevins
b8911bc388 Render S5 slideshows using Instiki's rendering engine framework so that WikiWord links are processed. 2007-09-13 20:25:20 -04:00
Jason Blevins
cbb3d5f256 Sync with latest trunk 2007-09-12 20:25:52 -04:00
Jacques Distler
3f5d804c22 Testcases for Recent XSS flaws
Testcases for unsanitized chunk-handling.
2007-09-11 20:49:56 -05:00
Jacques Distler
d0e834978a Fix Broken Tests
In preparation for adding new tests, let's fix the existing ones.
3 Unit tests and one Functional test still fail.

* Two unit tests are bugs in xhtmldiff
* One is a bug in Maruku
* A file upload functional test fails, for reasons that escape me.
2007-09-11 12:04:26 -05:00
Jacques Distler
119ab342dc Security: Sanitize <nowiki>
Another XSS hole: the contents of <nowiki>...</nowiki> was not being sanitized.
2007-09-10 22:35:50 -05:00