deac/instiki
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
1242 commits 3 branches 18 tags 34 MiB
Commit graph

1242 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jacques Distler a37b06b801 Scripts and Javascripts 
Add these ancilliary files that came with Rails 2.1.0 RC1.
 2008-05-18 00:25:51 -05:00
Jacques Distler 5292899c9a Rails 2.1 RC1 
Updated Instiki to Rails 2.1 RC1 (aka 2.0.991).
 2008-05-17 23:22:34 -05:00
Jacques Distler 14afed5893 Test for Entity-handling 2008-05-17 15:02:16 -05:00
Jacques Distler dfe22be5ff Minor tweak 
This is slightly better.
 2008-05-17 02:32:20 -05:00
Jacques Distler 41346bf8bd Efficiency: Entity handling 
Previously, used a regexp to find and convert named entities in the content.
Now use a more efficient algorithm.
Similar tweak for converting NCRs before checking whether text is valid utf-8.
 2008-05-17 01:43:11 -05:00
Jacques Distler 5ca0760f7c Efficiency: Sanitize Once 
Envoke the HTML5lib Sanitizer just once (when the content is finally rendered),
rather than each time it passes through the chunk-handler.
 2008-05-15 01:22:13 -05:00
Jacques Distler cd5c19e530 Routes 
Make remove_orphaned_pages work in a proxied situation.
Also, "fix" a busted functional test. I'm not happy with
 this one. We're enforcing plain-text titles (which, I think,
 is the correct thing to do), but sending them as type="html",
 which then requires double-encoding.
 2008-05-03 19:02:56 -05:00
Jacques Distler 1d5faf4a84 Upgrade to latest REXML 
Sync with REXML svn.
 2008-04-12 18:56:02 -05:00
Jacques Distler 6d46e16ee1 Release 0.14pre(MML+) 
Rev Version Number.
 2008-03-17 11:37:22 -05:00
Matthias Tarasiewicz 8685a29a40 updated the changelog for the upcoming 0.13 release 2008-03-17 15:03:42 +00:00
Jacques Distler 503f956084 Fix Two XSS Vulnerabilities 
Unescaped  page names (in 'edit' an 'new' views).
Unsanitized HTTP_CLIENT_IP header.
 2008-03-14 23:22:46 +00:00
Jacques Distler 35257b5fae IPv6-compatible fix for latest Philip Taylor Phun 
This is better than Revision 228.
 2008-03-14 17:25:02 -05:00
Jacques Distler d46798dd08 Security: Sanitize Remote IP address 
Dunno quite how, but evidently, request.ip is manipulable. Make sure it consists of a dotted-quad.
Also, correct a typo from the previous revision.
 2008-03-14 10:50:06 -05:00
Jacques Distler 827fb77ad3 Missed One 
One more place where @page.name appears.
 2008-03-14 00:18:11 -05:00
Jacques Distler 609c5541b9 Yet More Philip Taylor Phun 
Escape page names.

Grrr.
 2008-03-13 23:02:12 -05:00
Jacques Distler 8243cf9289 Fix broken functional test 
From Revision 223.
 2008-03-13 20:09:23 -05:00
Jacques Distler f739077976 Yet more well-formedness Phun 
Error messages need to be escaped.
 2008-03-13 18:06:16 -05:00
Jacques Distler 435bbfcd36 Further Tweaks 
Follow up on revisions 221,222.
 2008-02-29 09:46:21 -06:00
Jacques Distler ad620f63d3 Web Style Tweaks are CDATA 
Make sure they're properly escaped.
 2008-02-29 02:40:22 -06:00
Jacques Distler 9b7b6fb805 Latest Maruku and Tweak for itex2MML 1.3.4 
Instiki's LaTeX output also supports \Perp.
 2008-02-29 01:30:46 -06:00
Jacques Distler 5dd0507acc Support svg:foreignObject 
Fixes to the html5lib sanitizer and maruku to support the SVG <foreignObject> element.
Also update to the latest REXML.
 2008-02-03 23:56:17 -06:00
Jacques Distler 15640ca7a3 Latest REXML and Latest Maruku 2008-02-01 01:25:38 -06:00
Jacques Distler 9a633c0792 Another small tweak to atom template 2008-01-28 01:25:33 -06:00
Jacques Distler d0f7db4247 Fix atom:updated Times 
Use page.revised_at instead of page.updated_at.
Thanks to Jason Blevins for pointing out the problem.
 2008-01-28 01:13:28 -06:00
Jacques Distler 550c2e6c40 Remove the action_cache plugin 
The action_cache plugin is now rather superfluous (Rails has native support for ETags, for instance).
And it wasn't working right with Rails 2.0.x (pages were being cached, and 304s were being returned
as appropriate, but cached pages were not being served).
 2008-01-22 23:35:35 -06:00
Jacques Distler 5a0a6b2ca1 More Philip Taylor Phun 
More checks that page_names are valid utf_8.
 2008-01-22 20:22:59 -06:00
Jacques Distler 5db9ddaf47 Fix Busted Functional Tests 
Fix the functional tests busted by Revision 212.
Sync with latest HTML5lib.
 2008-01-21 11:59:55 -06:00
Jacques Distler 51474e06c8 Styling Hook 
Add a distinct class-name for the footer in the page view.
 2008-01-19 15:06:17 -06:00
Jacques Distler bb3ccfed4e Make life a little more difficult for spammers 
Sessions are now stored in a cookie (signed and Base-64 encoded).
Form_spam_protection stores form_keys in the session.
Make sure spambots implement both cookies and javascript, by storing hashed (with salt) keys in the session.
 2008-01-18 14:49:28 -06:00
Jacques Distler e7d080db25 Slightly More Efficient 
A slightly more efficient implementation of the above change to form_spam_protection.
 2008-01-17 03:47:08 -06:00
Jacques Distler 72b4f97382 Garbage Collection of :form_keys 
In each session, keep only the 30 most recent :form_keys generated by form_spam_protection.
This should be more than enough for ordinary usage, but prevents the session data from
becoming inordinately large.

Also, burnt-orange rulz!
 2008-01-17 03:20:19 -06:00
Jacques Distler 6359d06ed1 Bug in Include Chunk-handler 
Fix the chunk-handler for [[!include ...]] so that it behaves as expected.
 2008-01-16 11:28:43 -06:00
Jacques Distler 4586614914 Misc Cleanup 
Cleaned up some dependencies, and added a mime_types.yml file for Mongrel-compatibility.
 2008-01-14 14:46:38 -06:00
Jacques Distler f101ee9a21 Manage_Fixtures 
Make sure manage_fixtures plugin doesn't mess with fixtures in test/fixtures.
Also, a slightly more elegant version of the REXML version test.
 2008-01-13 00:26:25 -06:00
Jacques Distler 38ae064b8a Bundle Latest REXML 
Sam Ruby has been doing a bang-up job fixing the bugs in REXML.
Who knows when these improvements will trickle down to vendor distributions of Ruby.
In the meantime, let's bundle the latest version of REXML with Instiki.
We check the version number of the bundled REXML against that of the System REXML, and use whichever is later.
 2008-01-11 23:53:29 -06:00
Jacques Distler 1085168bbf Update to latest HTML5lib, Add Maruku testdir 
Sync with the latest html5lib.
Having the Maruku unit tests on-hand may be useful for debugging; so let's include them.
 2008-01-08 00:01:35 -06:00
Jacques Distler ebc409e1a0 Ensure the_content REALLY is utf-8 
Our check that the the_content was valid utf-8 was rather busted.
This one works right. In particular, we needed to expand NCRs before checking.
 2008-01-03 15:27:03 -06:00
Jacques Distler c89aeb6665 Some Tests for Philip Taylor Phun 'n Games 
Some tests for the illegal Unicode characters in search queries (and elsewhere).
 2008-01-02 02:33:05 -06:00
Jacques Distler c8196cbe41 More Unicode Fun 
From Philip Taylor (via Henri Sivonen): disallow U+fffe and U+ffff.
 2008-01-01 22:00:07 -06:00
Jacques Distler 14e3728183 A Tweak to the Error-Page Layout 2007-12-30 20:34:08 -06:00
Jacques Distler 0c16ab4e6f Better Error for Stale Session 
Rather than giving a generic 500 error, tell the user to reload the page.
 2007-12-30 10:41:19 -06:00
Jacques Distler a2c7705de5 More of the Same. 2007-12-30 03:58:57 -06:00
Jacques Distler df28bd545a Well-Formed Error Pages 
Apparently, my fans think returning raw text error messages are a bad thing.
Well-formed XHTML for them, I guess ...
 2007-12-30 03:28:33 -06:00
Jacques Distler 5d52cf303f Conditional Use of New REXML Output Logic. 
Thanks to Sam Ruby for pointing out the problem.
 2007-12-28 19:58:22 -06:00
Jacques Distler 6cd8d8d2ef Fixes from Jason Blevins 
Removed some (fossil) test dependencies and a deprecation warning.
Patched the Rails 2.0.2 routing code to emit old-style Instiki URLs.
 2007-12-24 17:26:40 -06:00
Jacques Distler a0cf0951af Document the Secret Key configuration a bit 2007-12-24 17:18:30 -06:00
Jason Blevins f1106428dc Included a test for page names with spaces. 
Upgraded to Rails 2.0.2 routing code.  Kept the "old" CGI-style escaping rather than using URI.escape.
 2007-12-24 16:02:14 -05:00
Jason Blevins feed609d86 Removed unneeded test dependencies. 2007-12-24 15:33:39 -05:00
Jason Blevins d042b4fd94 config.breakpoint_server has been deprecated and has no effect. 2007-12-22 23:54:29 -05:00
Jason Blevins fc586e3f6b Sync with trunk: upgrade to Rails 2.0.2 2007-12-22 11:15:52 -05:00