Commit graph

49 commits

Author SHA1 Message Date
Jacques Distler
d46798dd08 Security: Sanitize Remote IP address
Dunno quite how, but evidently, request.ip is manipulable. Make sure it consists of a dotted-quad.
Also, correct a typo from the previous revision.
2008-03-14 10:50:06 -05:00
Jacques Distler
f739077976 Yet more well-formedness Phun
Error messages need to be escaped.
2008-03-13 18:06:16 -05:00
Jacques Distler
5a0a6b2ca1 More Philip Taylor Phun
More checks that page_names are valid utf_8.
2008-01-22 20:22:59 -06:00
Jacques Distler
ebc409e1a0 Ensure the_content REALLY is utf-8
Our check that the the_content was valid utf-8 was rather busted.
This one works right. In particular, we needed to expand NCRs before checking.
2008-01-03 15:27:03 -06:00
Jacques Distler
0c16ab4e6f Better Error for Stale Session
Rather than giving a generic 500 error, tell the user to reload the page.
2007-12-30 10:41:19 -06:00
Jacques Distler
a2c7705de5 More of the Same. 2007-12-30 03:58:57 -06:00
Jacques Distler
df28bd545a Well-Formed Error Pages
Apparently, my fans think returning raw text error messages are a bad thing.
Well-formed XHTML for them, I guess ...
2007-12-30 03:28:33 -06:00
Jacques Distler
6873fc8026 Upgrade to Rails 2.0.2
Upgraded to Rails 2.0.2, except that we maintain

   vendor/rails/actionpack/lib/action_controller/routing.rb

from Rail 1.2.6 (at least for now), so that Routes don't change. We still
get to enjoy Rails's many new features.

Also fixed a bug in Chunk-handling: disable WikiWord processing in tags (for real this time).
2007-12-21 01:48:59 -06:00
Jacques Distler
207fb1f7f2 New Version
Sync with Latest Instiki Trunk.
Migrate to Rails 1.2.5.
Bump version number.
2007-10-15 12:16:54 -05:00
Jacques Distler
179a0a9cb2 Might as well
Spammers aren't an issue here, but might as well enforce that these actions are POST-only, too.
2007-10-07 03:33:15 -05:00
Jacques Distler
2484542f12 Security: HTTP GET Bypassed Spam Protection
Apparently, the form_spam_protect plugin only works with HTTP POST, not GET.
Unsafe operations (save and file-upload) should be POSTs anyway.
Fixed.

Also, two broken tests fixed. Only two Unit Tests now fail: both are minor bugs in XHTMLDiff.
2007-10-07 01:59:50 -05:00
Jacques Distler
b0e316e37c Minor Fixes
Get rid of Redefined CONSTANT warning.
Make WEBrick respond to TERM signal. (Launchd, in particular, requires this.)
Rollback superfluous change to rails/actionpack/lib/action_controller/base.rb. Handled by the action_cache plugin.
2007-10-01 22:09:51 -05:00
Jacques Distler
c54a78c026 Links in Published Webs
Links in published Webs (in particular, the author-link) should be to the published version of the page.
2007-09-15 14:39:28 -05:00
Jacques Distler
54aada824c Use Standard PageRenderer for S5 Content
From Jason Blevins: use the standard PageRenderer class to render S5 content. This way, WikiWords (etc) are processed in S5 slideshows.
2007-09-14 10:43:03 -05:00
Jacques Distler
5b182bd228 HTML5lib Bug
Fixed a bug in the HTML5lib tokenizer (affects S5 slideshows).
Some miscellaneous code cleanup. In particular, don't bother with zapping control characters;
instead, rely on is_utf8? method to raise an exception (which we do anyway).
2007-09-06 10:40:48 -05:00
Jacques Distler
f482036683 S5 Themes Support
Added support for S5 Themes. Themes are stored in the public/s5/themes/ directory.
6 themes are included: default, nautilus, blue, flower, i18n, pixel.
2007-09-05 08:38:54 -05:00
Jacques Distler
dbed460843 Fixed S5 output for Safari
Safari can now receive S5 slideshows as real XHTML.
2007-07-27 13:47:19 -05:00
Jacques Distler
3ca33e52b5 Cleanup
Got rid of redcloth_for_tex.
Fixed almost all the busted tests.
2007-06-13 01:56:44 -05:00
Jacques Distler
2da672ec5b Many Minor Fixes
Fixed a whole bunch of minor stuff.
Had a go at getting some of the plethora of broken tests to pass.
2007-06-12 17:37:55 -05:00
Jacques Distler
3df61e352d Fix for IE7+MathPlayer.
Based on

    http://lists.w3.org/Archives/Public/www-math/2007May/0044.html

I've altered the Content-Type header sent to IE+MathPlayer. Rationale is
explained in 

    http://lists.w3.org/Archives/Public/www-math/2007May/0045.html
2007-05-29 17:10:20 -05:00
Jacques Distler
dc629f5c07 Do Content-negotiation for Cached Content
The action_cache plugin broke our content-negotiation.
Fixed.
2007-05-28 12:48:42 -05:00
Jacques Distler
6b21ac484f HTML5lib Sanitizer
Replaced native Sanitizer with HTML5lib version.
Synced with latest Maruku.
2007-05-25 20:52:27 -05:00
Jacques Distler
3b6cd309ff Sync with Instiki Trunk
Sync with Revision 519 of Instiki trunk (2007/5/7).
2007-05-11 11:47:38 -05:00
Jacques Distler
493803cfd1 Atom Feeds (bis)
Remove some vestiges of RSS 2.0.
2007-04-13 17:20:14 -05:00
Jacques Distler
3a57d3aade Atom Feeds
Replaced Instiki's RSS 2.0 feeds with Atom 1.0 feeds.
2007-04-13 17:04:03 -05:00
Jacques Distler
19889c98d4 Safari's DOM support in XHTML is horribly broken. Send it S5 slideshows as text/html. (Sorry: no inline SVG for you!)
Turn on Maruku's Math support in S5 slideshows, only if corresponding Web is Math-enabled.
2007-03-30 12:25:59 -05:00
Jacques Distler
0db06a9fa3 To be really XML-safe, don't emit XHTML+MathML named entities. (Ported MathML::Entities to Ruby.) 2007-03-29 03:30:10 -05:00
Jacques Distler
ff3e03a45a Switched from XHTML+MathML to XHTML+MathML+SVG DOCTYPE. Silly, I know ... 2007-03-16 01:10:52 -05:00
Jacques Distler
c704f899af File uploads now work. 2007-03-10 22:31:24 -06:00
Jason R. Blevins
e2b93c9e29 Made S5 view publically viewable for published webs.
Added an S5 view link to the bottom of the published view page.
2007-03-10 18:03:40 -05:00
Jason R. Blevins
12743280fb All WikiReference methods now limit results to the current web.
Category lists are now restricted to the current web.
2007-03-10 16:09:20 -05:00
Jacques Distler
144540a761 Fixed caching bug with category 'list' and 'recently_revised' views.
Re-enabled filesystem caching.
2007-03-10 00:18:18 -06:00
Jacques Distler
db76c79cfb Whoops! harmless typo. 2007-03-09 08:04:24 -06:00
Jacques Distler
a656772622 Deal with clients that don't send an HTTP_ACCEPT header.
Cache S5, TeX and Print views.
Temporary hack: don't cache list and recently_revised pages.
2007-03-08 21:57:21 -06:00
Jacques Distler
d74116dc67 Ensure that input is bona fide utf-8. 2007-03-07 21:06:39 -06:00
Jacques Distler
6a7645c45c Fixed inline SVG in S5.
More S5 Stylesheet tweaks.
2007-03-01 10:50:06 -06:00
Jacques Distler
41ff4724b8 Converging on S5 support. 2007-03-01 03:05:35 -06:00
Jacques Distler
02c6ed2fa0 More progress on S5.
Forgot to add gremlin zapping in app/views/wiki/edit.rhtml.
2007-02-28 18:38:52 -06:00
Jacques Distler
8359047fd5 Start on adding S5 support to Instiki. 2007-02-28 13:31:34 -06:00
Jason R. Blevins
b65a5b8e30 Bug fix. Previously, all categories were visible from all webs. Now category lists are restricted to the current web. 2007-02-27 22:27:20 -05:00
Jacques Distler
e3fafb6e6d Version strings. 2007-02-19 10:01:16 -06:00
Jacques Distler
0556f43180 XHTML-safe version of form_spam_protection. 2007-02-14 11:00:11 -06:00
Jacques Distler
d291318f3e Sync with latest (2/13/2007) Instiki svn. 2007-02-13 09:55:26 -06:00
Jacques Distler
5536e6e79e Allow user to be logged-inot several password-protected webs simultaneously. 2007-02-09 13:19:03 -06:00
Jacques Distler
eeef7952c3 Fixed the Content-negotiation for sending XHTML.
Fixed a non-well-formed page.
Maruku's metadata processing seems to be busted. May have to revert.
2007-02-01 17:22:15 -06:00
Jacques Distler
488dd334f7 Support for IE+MathPlayer.
Sync with latest Maruku.
2007-01-24 10:53:10 -06:00
Jacques Distler
29b4c4b837 Do content-negotiation to decide whether to send application/xhtml+xml or text/html.
Fixed the bozotic spam filter. Can you believe one can't use the word "texas" in Instiki?
2007-01-23 03:25:24 -06:00
Jacques Distler
b19e1e4f47 Bring up to current. 2007-01-22 08:36:51 -06:00
Jacques Distler
69b62b6f33 Checkout of Instiki Trunk 1/21/2007. 2007-01-22 07:43:50 -06:00