Commit graph

1016 commits

Author SHA1 Message Date
Matthias Tarasiewicz 5e095d59cb finally removed pdf and latex export which caused the export button to fail with mongrel. PDF export will be added later on without pdflatex. 2007-10-14 14:11:37 +00:00
Jacques Distler 198d7847bd Performance
My REXML::Element.to_ncr (and REXML::Element.to_utf8) is horribly slow. For long documents, it proves more efficient to serialize to a string, apply String.to_ncr (or String.to_utf8) and then Sanitize the string.
2007-10-13 16:32:04 -05:00
Jason Blevins 1cc2043cf6 Sync with trunk 2007-10-12 12:53:43 -04:00
Jacques Distler 0eb1ab56b0 More LaTeX Macros
Put in dummy macros for \statusline and \toggle.
Added colour definitions for HTML named colours.

Remaining  unimplemented:

   \color{#HHH} and \color{#HHHHHH}
   \bgcolor
   \array
   \righttoleftarrow
   \lefttorightarrow
2007-10-11 11:30:17 -05:00
Jacques Distler 148afb77e0 Sync with latest Maruku
Apparently, Maruku had trouble with the latest release of Ruby (1.8.6, patchlevel 110). This should fix it.
2007-10-10 22:06:44 -05:00
Jacques Distler 5dd75d4cb0 File Upload Links
I like this a little better.
2007-10-09 23:56:55 -05:00
Jason Blevins f785655a59 Sync with trunk 2007-10-09 20:02:02 -04:00
Jacques Distler fbdf4c5dfe Fix Broken Test
Was not picking up user-supplied alt text in [[filename|Alt text:pic]].
Fixed.
2007-10-09 11:02:44 -05:00
Matthias Tarasiewicz 806a1fc682 added /tmp folder plus structure to make instiki work with mongrel_cluster 2007-10-09 15:13:22 +00:00
Jacques Distler 402de89abf Tests for Rev 171
One test is still broken. Will fix.
2007-10-09 03:16:07 -05:00
Jacques Distler 0eb723e125 Accessibility: Use Uploaded File Descriptions
The file upload dialog asks for a description of the image or file to be uploaded. Use this as the default alt-text for the image and as a title attribute for a file link.
2007-10-09 02:51:38 -05:00
Jacques Distler 5cbdccec2a MIME-Types for WEBrick 2007-10-08 04:16:31 +00:00
Jason Blevins 957f0e5721 Sync with trunk 2007-10-07 16:10:43 -04:00
Jacques Distler ab7f429a10 Security: Enforce POSTs
Spammers can bypass form_spam_protect plugin by using GET instead of POST.

Fix this, by ensuring that unsafe operations are POSTs, rather than GETs.
2007-10-07 17:59:20 +00:00
Jacques Distler 179a0a9cb2 Might as well
Spammers aren't an issue here, but might as well enforce that these actions are POST-only, too.
2007-10-07 03:33:15 -05:00
Jacques Distler 2484542f12 Security: HTTP GET Bypassed Spam Protection
Apparently, the form_spam_protect plugin only works with HTTP POST, not GET.
Unsafe operations (save and file-upload) should be POSTs anyway.
Fixed.

Also, two broken tests fixed. Only two Unit Tests now fail: both are minor bugs in XHTMLDiff.
2007-10-07 01:59:50 -05:00
Jacques Distler be8bb3d06d InterWeb Links
From Jason Blevins:  [[Web Name:Page Name]] or [[Web Name:Page Name|alternate label]] produce inter-Web links on the same Instiki installation.
2007-10-06 16:04:11 -05:00
Jacques Distler 55fdc9fff4 Sync with latest HTML5lib 2007-10-06 11:55:58 -05:00
Jason Blevins e5f882d800 Applied URI chunk changes 2007-10-06 09:12:24 -04:00
Jason Blevins c1be34abcd Support for InterWeb Links 2007-10-06 09:06:55 -04:00
Jacques Distler 3a3cfeaa9b Drop URI Chunk-handling
The URIChunk and LocalURICunk handlers were

1) Slow
2) Buggy (prone to produce ill-formed pages in edge cases)
3) Of dubious utility

So I ditched them. No auto-linked URLs, but who cares?
2007-10-05 16:25:41 -05:00
Jason Blevins 8cdcbff13e Merge with latest trunk 2007-10-04 22:54:36 -04:00
Jacques Distler f0090cf4ab Whoops!
Committed the wrong version of tex.rhtml. This is the right one.
2007-10-04 15:46:20 -05:00
Jacques Distler 4be4125861 Remaining LaTeX macros
Added the remaining LaTeX macros from our list.
What remains is to decide on how to resolve the conflicting definitions of

   \binom{}{}

and to supply suitable characters for

   \righttoleftarrow
   \lefttorightarrow

The plain TeX syntax {A \over B} is unsupported (passed through verbatim, and will cause a LaTeX error).
2007-10-04 13:43:57 -05:00
Jason Blevins bcfa5b1f31 First commit of new Latex macros. 2007-10-04 09:55:11 -04:00
Jacques Distler 986c21527a First Batch of LaTeX Macros
The first, uncontroversial, batch of LaTeX macros from Jason Blevins.
2007-10-04 03:16:45 -05:00
Jacques Distler c67382d340 Start on LaTeX
Pave the way for Jason's LaTeX macro support.
Also, uniformize the capitalization of "ETag".
2007-10-04 02:50:08 -05:00
Jason Blevins 5b4936948b Merged Jacques Distler's latest changes. 2007-10-02 09:56:56 -04:00
Jacques Distler b0e316e37c Minor Fixes
Get rid of Redefined CONSTANT warning.
Make WEBrick respond to TERM signal. (Launchd, in particular, requires this.)
Rollback superfluous change to rails/actionpack/lib/action_controller/base.rb. Handled by the action_cache plugin.
2007-10-01 22:09:51 -05:00
Matthias Tarasiewicz 4199843e08 changing back some 'require_dependency' to 'require' since it is not needed for all (info from jacques distler) 2007-09-28 08:40:24 +00:00
Jacques Distler 10b0561aca Category lists and WikiReferences restrict to current Web.
Fix one sanitization test.
2007-09-28 03:57:52 +00:00
Jacques Distler 3b6523b4f4 rel=nofollow
A little search engine optimization.
2007-09-27 20:04:27 -05:00
Matthias Tarasiewicz 2cd2b2746e change of 'require_dependencies' to 'require' which should fix the 'superclass mismatch error' that occurred. 2007-09-27 06:09:58 +00:00
Jacques Distler a3d3f1c536 Fix XSS vulnerabilities in chunk-handling 2007-09-23 19:30:39 +00:00
Jacques Distler 06d96349e4 Don't stomp on test/fixtures, when dumping the database to YAML
Tweak the manage_fixtures plugin to use the dump/fixtures instead of test/fixtures directory.
2007-09-23 01:50:40 -05:00
Jacques Distler 1259e16a4a A Couple of Unit Tests 2007-09-23 00:03:58 -05:00
Jacques Distler e8769c0b83 Add the manage_fixtures plugin for easy database migration 2007-09-20 00:36:07 -05:00
Jason Blevins 8d48dd88fe Sync with latest trunk 2007-09-19 13:53:22 -04:00
Jacques Distler c54a78c026 Links in Published Webs
Links in published Webs (in particular, the author-link) should be to the published version of the page.
2007-09-15 14:39:28 -05:00
Jacques Distler 4144aa2c98 Can't. Stop. Tweaking. Themes. 2007-09-15 11:40:48 -05:00
Jacques Distler 2c4473a0e9 S5 Slide notes
Slide notes are now served correctly (as application/xhtml+xml) to compatible
browsers. So you can put math in your notes, and the MathML will render.

We don't do real content-negotioation. IE gets text/html; everyone else gets application/xhtml+xml.
2007-09-15 00:29:20 -05:00
Jacques Distler 08857ebe8e Fix Markdown (non-math) Engine, Tweak Themes
More tweaks to the supplied S5 themes.
Fixed a minor regression in the non-Math Markdown engine.
2007-09-14 18:09:24 -05:00
Jason Blevins ee22cdf75e Use Standard PageRenderer for S5 Content 2007-09-14 13:10:12 -04:00
Jacques Distler 54aada824c Use Standard PageRenderer for S5 Content
From Jason Blevins: use the standard PageRenderer class to render S5 content. This way, WikiWords (etc) are processed in S5 slideshows.
2007-09-14 10:43:03 -05:00
Jason Blevins 61b7168d7a Fixed regular expression to pick up S5 theme. 2007-09-13 20:41:39 -04:00
Jason Blevins b8911bc388 Render S5 slideshows using Instiki's rendering engine framework so that WikiWord links are processed. 2007-09-13 20:25:20 -04:00
Jason Blevins cbb3d5f256 Sync with latest trunk 2007-09-12 20:25:52 -04:00
Jacques Distler 3f5d804c22 Testcases for Recent XSS flaws
Testcases for unsanitized chunk-handling.
2007-09-11 20:49:56 -05:00
Jacques Distler d0e834978a Fix Broken Tests
In preparation for adding new tests, let's fix the existing ones.
3 Unit tests and one Functional test still fail.

* Two unit tests are bugs in xhtmldiff
* One is a bug in Maruku
* A file upload functional test fails, for reasons that escape me.
2007-09-11 12:04:26 -05:00
Jacques Distler 119ab342dc Security: Sanitize <nowiki>
Another XSS hole: the contents of <nowiki>...</nowiki> was not being sanitized.
2007-09-10 22:35:50 -05:00