deac/instiki
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
255 commits 3 branches 18 tags 34 MiB
Commit graph

102 commits

Author SHA1 Message Date
Jacques Distler d46798dd08 Security: Sanitize Remote IP address 
Dunno quite how, but evidently, request.ip is manipulable. Make sure it consists of a dotted-quad.
Also, correct a typo from the previous revision.
 2008-03-14 10:50:06 -05:00
Jacques Distler 827fb77ad3 Missed One 
One more place where @page.name appears.
 2008-03-14 00:18:11 -05:00
Jacques Distler 609c5541b9 Yet More Philip Taylor Phun 
Escape page names.

Grrr.
 2008-03-13 23:02:12 -05:00
Jacques Distler f739077976 Yet more well-formedness Phun 
Error messages need to be escaped.
 2008-03-13 18:06:16 -05:00
Jacques Distler 435bbfcd36 Further Tweaks 
Follow up on revisions 221,222.
 2008-02-29 09:46:21 -06:00
Jacques Distler ad620f63d3 Web Style Tweaks are CDATA 
Make sure they're properly escaped.
 2008-02-29 02:40:22 -06:00
Jacques Distler 9b7b6fb805 Latest Maruku and Tweak for itex2MML 1.3.4 
Instiki's LaTeX output also supports \Perp.
 2008-02-29 01:30:46 -06:00
Jacques Distler 9a633c0792 Another small tweak to atom template 2008-01-28 01:25:33 -06:00
Jacques Distler d0f7db4247 Fix atom:updated Times 
Use page.revised_at instead of page.updated_at.
Thanks to Jason Blevins for pointing out the problem.
 2008-01-28 01:13:28 -06:00
Jacques Distler 5a0a6b2ca1 More Philip Taylor Phun 
More checks that page_names are valid utf_8.
 2008-01-22 20:22:59 -06:00
Jacques Distler 51474e06c8 Styling Hook 
Add a distinct class-name for the footer in the page view.
 2008-01-19 15:06:17 -06:00
Jacques Distler 72b4f97382 Garbage Collection of :form_keys 
In each session, keep only the 30 most recent :form_keys generated by form_spam_protection.
This should be more than enough for ordinary usage, but prevents the session data from
becoming inordinately large.

Also, burnt-orange rulz!
 2008-01-17 03:20:19 -06:00
Jacques Distler ebc409e1a0 Ensure the_content REALLY is utf-8 
Our check that the the_content was valid utf-8 was rather busted.
This one works right. In particular, we needed to expand NCRs before checking.
 2008-01-03 15:27:03 -06:00
Jacques Distler 14e3728183 A Tweak to the Error-Page Layout 2007-12-30 20:34:08 -06:00
Jacques Distler 0c16ab4e6f Better Error for Stale Session 
Rather than giving a generic 500 error, tell the user to reload the page.
 2007-12-30 10:41:19 -06:00
Jacques Distler a2c7705de5 More of the Same. 2007-12-30 03:58:57 -06:00
Jacques Distler df28bd545a Well-Formed Error Pages 
Apparently, my fans think returning raw text error messages are a bad thing.
Well-formed XHTML for them, I guess ...
 2007-12-30 03:28:33 -06:00
Jacques Distler 6873fc8026 Upgrade to Rails 2.0.2 
Upgraded to Rails 2.0.2, except that we maintain

   vendor/rails/actionpack/lib/action_controller/routing.rb

from Rail 1.2.6 (at least for now), so that Routes don't change. We still
get to enjoy Rails's many new features.

Also fixed a bug in Chunk-handling: disable WikiWord processing in tags (for real this time).
 2007-12-21 01:48:59 -06:00
Jacques Distler 18da1a1d71 Accommodate \nequiv in LaTeX output 2007-11-02 10:15:17 -05:00
Jacques Distler a92b593949 SVG in Equations 
Support the new "svg" environment from itex2MML 1.3.
 2007-10-22 22:24:25 -05:00
Jacques Distler 207fb1f7f2 New Version 
Sync with Latest Instiki Trunk.
Migrate to Rails 1.2.5.
Bump version number.
 2007-10-15 12:16:54 -05:00
Jacques Distler 0eb1ab56b0 More LaTeX Macros 
Put in dummy macros for \statusline and \toggle.
Added colour definitions for HTML named colours.

Remaining  unimplemented:

   \color{#HHH} and \color{#HHHHHH}
   \bgcolor
   \array
   \righttoleftarrow
   \lefttorightarrow
 2007-10-11 11:30:17 -05:00
Jacques Distler 0eb723e125 Accessibility: Use Uploaded File Descriptions 
The file upload dialog asks for a description of the image or file to be uploaded. Use this as the default alt-text for the image and as a title attribute for a file link.
 2007-10-09 02:51:38 -05:00
Jacques Distler 179a0a9cb2 Might as well 
Spammers aren't an issue here, but might as well enforce that these actions are POST-only, too.
 2007-10-07 03:33:15 -05:00
Jacques Distler 2484542f12 Security: HTTP GET Bypassed Spam Protection 
Apparently, the form_spam_protect plugin only works with HTTP POST, not GET.
Unsafe operations (save and file-upload) should be POSTs anyway.
Fixed.

Also, two broken tests fixed. Only two Unit Tests now fail: both are minor bugs in XHTMLDiff.
 2007-10-07 01:59:50 -05:00
Jacques Distler f0090cf4ab Whoops! 
Committed the wrong version of tex.rhtml. This is the right one.
 2007-10-04 15:46:20 -05:00
Jacques Distler 4be4125861 Remaining LaTeX macros 
Added the remaining LaTeX macros from our list.
What remains is to decide on how to resolve the conflicting definitions of

   \binom{}{}

and to supply suitable characters for

   \righttoleftarrow
   \lefttorightarrow

The plain TeX syntax {A \over B} is unsupported (passed through verbatim, and will cause a LaTeX error).
 2007-10-04 13:43:57 -05:00
Jason Blevins bcfa5b1f31 First commit of new Latex macros. 2007-10-04 09:55:11 -04:00
Jacques Distler 986c21527a First Batch of LaTeX Macros 
The first, uncontroversial, batch of LaTeX macros from Jason Blevins.
 2007-10-04 03:16:45 -05:00
Jason Blevins 5b4936948b Merged Jacques Distler's latest changes. 2007-10-02 09:56:56 -04:00
Jacques Distler b0e316e37c Minor Fixes 
Get rid of Redefined CONSTANT warning.
Make WEBrick respond to TERM signal. (Launchd, in particular, requires this.)
Rollback superfluous change to rails/actionpack/lib/action_controller/base.rb. Handled by the action_cache plugin.
 2007-10-01 22:09:51 -05:00
Jacques Distler 3b6523b4f4 rel=nofollow 
A little search engine optimization.
 2007-09-27 20:04:27 -05:00
Jason Blevins 8d48dd88fe Sync with latest trunk 2007-09-19 13:53:22 -04:00
Jacques Distler c54a78c026 Links in Published Webs 
Links in published Webs (in particular, the author-link) should be to the published version of the page.
 2007-09-15 14:39:28 -05:00
Jason Blevins ee22cdf75e Use Standard PageRenderer for S5 Content 2007-09-14 13:10:12 -04:00
Jacques Distler 54aada824c Use Standard PageRenderer for S5 Content 
From Jason Blevins: use the standard PageRenderer class to render S5 content. This way, WikiWords (etc) are processed in S5 slideshows.
 2007-09-14 10:43:03 -05:00
Jason Blevins 61b7168d7a Fixed regular expression to pick up S5 theme. 2007-09-13 20:41:39 -04:00
Jason Blevins b8911bc388 Render S5 slideshows using Instiki's rendering engine framework so that WikiWord links are processed. 2007-09-13 20:25:20 -04:00
Jacques Distler 5b182bd228 HTML5lib Bug 
Fixed a bug in the HTML5lib tokenizer (affects S5 slideshows).
Some miscellaneous code cleanup. In particular, don't bother with zapping control characters;
instead, rely on is_utf8? method to raise an exception (which we do anyway).
 2007-09-06 10:40:48 -05:00
Jacques Distler f482036683 S5 Themes Support 
Added support for S5 Themes. Themes are stored in the public/s5/themes/ directory.
6 themes are included: default, nautilus, blue, flower, i18n, pixel.
 2007-09-05 08:38:54 -05:00
Jacques Distler 81d3cdc8e4 Minor S5 tweaks and Sync with Latest HTML5lib 2007-08-30 12:19:10 -05:00
Jacques Distler dbed460843 Fixed S5 output for Safari 
Safari can now receive S5 slideshows as real XHTML.
 2007-07-27 13:47:19 -05:00
Jacques Distler b42a4c5fec More TeX macros. 2007-07-10 21:32:00 -05:00
Jacques Distler bf572e295f A few TeX macros 
Tiny steps towards usable LaTeX output.
 2007-06-16 03:14:51 -05:00
Jacques Distler 3ca33e52b5 Cleanup 
Got rid of redcloth_for_tex.
Fixed almost all the busted tests.
 2007-06-13 01:56:44 -05:00
Jacques Distler 2da672ec5b Many Minor Fixes 
Fixed a whole bunch of minor stuff.
Had a go at getting some of the plethora of broken tests to pass.
 2007-06-12 17:37:55 -05:00
Jacques Distler 3df61e352d Fix for IE7+MathPlayer. 
Based on

    http://lists.w3.org/Archives/Public/www-math/2007May/0044.html

I've altered the Content-Type header sent to IE+MathPlayer. Rationale is
explained in 

    http://lists.w3.org/Archives/Public/www-math/2007May/0045.html
 2007-05-29 17:10:20 -05:00
Jacques Distler dc629f5c07 Do Content-negotiation for Cached Content 
The action_cache plugin broke our content-negotiation.
Fixed.
 2007-05-28 12:48:42 -05:00
Jacques Distler 6b21ac484f HTML5lib Sanitizer 
Replaced native Sanitizer with HTML5lib version.
Synced with latest Maruku.
 2007-05-25 20:52:27 -05:00
Jacques Distler e4e26400ef One more file... 
This one was missed by Revision 519 in Instiki Trunk. Fixed in my branch.
 2007-05-11 12:42:18 -05:00