Commit graph

384 commits

Author SHA1 Message Date
Jacques Distler
2484542f12 Security: HTTP GET Bypassed Spam Protection
Apparently, the form_spam_protect plugin only works with HTTP POST, not GET.
Unsafe operations (save and file-upload) should be POSTs anyway.
Fixed.

Also, two broken tests fixed. Only two Unit Tests now fail: both are minor bugs in XHTMLDiff.
2007-10-07 01:59:50 -05:00
Jacques Distler
be8bb3d06d InterWeb Links
From Jason Blevins:  [[Web Name:Page Name]] or [[Web Name:Page Name|alternate label]] produce inter-Web links on the same Instiki installation.
2007-10-06 16:04:11 -05:00
Jacques Distler
55fdc9fff4 Sync with latest HTML5lib 2007-10-06 11:55:58 -05:00
Jason Blevins
e5f882d800 Applied URI chunk changes 2007-10-06 09:12:24 -04:00
Jason Blevins
c1be34abcd Support for InterWeb Links 2007-10-06 09:06:55 -04:00
Jacques Distler
3a3cfeaa9b Drop URI Chunk-handling
The URIChunk and LocalURICunk handlers were

1) Slow
2) Buggy (prone to produce ill-formed pages in edge cases)
3) Of dubious utility

So I ditched them. No auto-linked URLs, but who cares?
2007-10-05 16:25:41 -05:00
Jason Blevins
8cdcbff13e Merge with latest trunk 2007-10-04 22:54:36 -04:00
Jacques Distler
f0090cf4ab Whoops!
Committed the wrong version of tex.rhtml. This is the right one.
2007-10-04 15:46:20 -05:00
Jacques Distler
4be4125861 Remaining LaTeX macros
Added the remaining LaTeX macros from our list.
What remains is to decide on how to resolve the conflicting definitions of

   \binom{}{}

and to supply suitable characters for

   \righttoleftarrow
   \lefttorightarrow

The plain TeX syntax {A \over B} is unsupported (passed through verbatim, and will cause a LaTeX error).
2007-10-04 13:43:57 -05:00
Jason Blevins
bcfa5b1f31 First commit of new Latex macros. 2007-10-04 09:55:11 -04:00
Jacques Distler
986c21527a First Batch of LaTeX Macros
The first, uncontroversial, batch of LaTeX macros from Jason Blevins.
2007-10-04 03:16:45 -05:00
Jacques Distler
c67382d340 Start on LaTeX
Pave the way for Jason's LaTeX macro support.
Also, uniformize the capitalization of "ETag".
2007-10-04 02:50:08 -05:00
Jason Blevins
5b4936948b Merged Jacques Distler's latest changes. 2007-10-02 09:56:56 -04:00
Jacques Distler
b0e316e37c Minor Fixes
Get rid of Redefined CONSTANT warning.
Make WEBrick respond to TERM signal. (Launchd, in particular, requires this.)
Rollback superfluous change to rails/actionpack/lib/action_controller/base.rb. Handled by the action_cache plugin.
2007-10-01 22:09:51 -05:00
Jacques Distler
3b6523b4f4 rel=nofollow
A little search engine optimization.
2007-09-27 20:04:27 -05:00
Jacques Distler
06d96349e4 Don't stomp on test/fixtures, when dumping the database to YAML
Tweak the manage_fixtures plugin to use the dump/fixtures instead of test/fixtures directory.
2007-09-23 01:50:40 -05:00
Jacques Distler
1259e16a4a A Couple of Unit Tests 2007-09-23 00:03:58 -05:00
Jacques Distler
e8769c0b83 Add the manage_fixtures plugin for easy database migration 2007-09-20 00:36:07 -05:00
Jason Blevins
8d48dd88fe Sync with latest trunk 2007-09-19 13:53:22 -04:00
Jacques Distler
c54a78c026 Links in Published Webs
Links in published Webs (in particular, the author-link) should be to the published version of the page.
2007-09-15 14:39:28 -05:00
Jacques Distler
4144aa2c98 Can't. Stop. Tweaking. Themes. 2007-09-15 11:40:48 -05:00
Jacques Distler
2c4473a0e9 S5 Slide notes
Slide notes are now served correctly (as application/xhtml+xml) to compatible
browsers. So you can put math in your notes, and the MathML will render.

We don't do real content-negotioation. IE gets text/html; everyone else gets application/xhtml+xml.
2007-09-15 00:29:20 -05:00
Jacques Distler
08857ebe8e Fix Markdown (non-math) Engine, Tweak Themes
More tweaks to the supplied S5 themes.
Fixed a minor regression in the non-Math Markdown engine.
2007-09-14 18:09:24 -05:00
Jason Blevins
ee22cdf75e Use Standard PageRenderer for S5 Content 2007-09-14 13:10:12 -04:00
Jacques Distler
54aada824c Use Standard PageRenderer for S5 Content
From Jason Blevins: use the standard PageRenderer class to render S5 content. This way, WikiWords (etc) are processed in S5 slideshows.
2007-09-14 10:43:03 -05:00
Jason Blevins
61b7168d7a Fixed regular expression to pick up S5 theme. 2007-09-13 20:41:39 -04:00
Jason Blevins
b8911bc388 Render S5 slideshows using Instiki's rendering engine framework so that WikiWord links are processed. 2007-09-13 20:25:20 -04:00
Jason Blevins
cbb3d5f256 Sync with latest trunk 2007-09-12 20:25:52 -04:00
Jacques Distler
3f5d804c22 Testcases for Recent XSS flaws
Testcases for unsanitized chunk-handling.
2007-09-11 20:49:56 -05:00
Jacques Distler
d0e834978a Fix Broken Tests
In preparation for adding new tests, let's fix the existing ones.
3 Unit tests and one Functional test still fail.

* Two unit tests are bugs in xhtmldiff
* One is a bug in Maruku
* A file upload functional test fails, for reasons that escape me.
2007-09-11 12:04:26 -05:00
Jacques Distler
119ab342dc Security: Sanitize <nowiki>
Another XSS hole: the contents of <nowiki>...</nowiki> was not being sanitized.
2007-09-10 22:35:50 -05:00
Jacques Distler
9035c98dc5 Bugfix: Category listings
Fixed bug where clicking on a category link would stomp on the "All Pages" listing.
2007-09-09 23:20:06 -05:00
Jacques Distler
ed68d975df Update to latest HTML5lib
Fix that Tokenizer bug for real this time.
2007-09-09 22:26:19 -05:00
Jacques Distler
f3a89556c4 A couple more Theme Tweaks.
A couple more CSS troubles fixed.
2007-09-07 00:21:17 -05:00
Jacques Distler
9db5f83f13 Tweaks to the S5 "blue" Theme
Corrected some small problems in the CSS.
2007-09-06 23:52:22 -05:00
Jacques Distler
5b182bd228 HTML5lib Bug
Fixed a bug in the HTML5lib tokenizer (affects S5 slideshows).
Some miscellaneous code cleanup. In particular, don't bother with zapping control characters;
instead, rely on is_utf8? method to raise an exception (which we do anyway).
2007-09-06 10:40:48 -05:00
Jacques Distler
f482036683 S5 Themes Support
Added support for S5 Themes. Themes are stored in the public/s5/themes/ directory.
6 themes are included: default, nautilus, blue, flower, i18n, pixel.
2007-09-05 08:38:54 -05:00
Jason Blevins
b96ff30026 Merged with Jacques' latest changes. 2007-09-03 09:14:51 -04:00
Jacques Distler
5ff1b7f6da XSS Security Fix
There  was a XSS vulnerability in the handling of categories. Now they are escaped.
2007-09-02 00:33:28 -05:00
Jacques Distler
6fd6be8fea Sanitizer Fix
Whoops! Looks like Ryan changed the API for the HTML5 sanitizer. Bad, bad, bad.
Fixed now.
2007-08-30 16:06:20 -05:00
Jacques Distler
81d3cdc8e4 Minor S5 tweaks and Sync with Latest HTML5lib 2007-08-30 12:19:10 -05:00
Jacques Distler
dbed460843 Fixed S5 output for Safari
Safari can now receive S5 slideshows as real XHTML.
2007-07-27 13:47:19 -05:00
Jacques Distler
b42a4c5fec More TeX macros. 2007-07-10 21:32:00 -05:00
Jacques Distler
1bc5da0053 Use XHTMLSerializer, where appropriate. 2007-07-04 18:53:03 -05:00
Jacques Distler
8ccaad85a5 Sync with latest HTML5lib and latest Maruku 2007-07-04 17:36:59 -05:00
Jason Blevins
3070d6eeae Synced with trunk. 2007-06-22 13:21:49 -04:00
Jacques Distler
8e92e4a3ab Sync with latest HTML5lib 2007-06-22 03:12:08 -05:00
Jacques Distler
bf572e295f A few TeX macros
Tiny steps towards usable LaTeX output.
2007-06-16 03:14:51 -05:00
Jacques Distler
df2898d940 Fix Caching bug (bis)
Nope! It's not a Rails bug. It's an action_cache plugin bug, after all. Fixed now.
2007-06-15 09:59:32 -05:00
Jacques Distler
31f691329a Fix Caching Bug
Files with "+"s in their names (e.g. from Wiki pages with spaces in their names) were not being expired properly. This is actually a Rails bug, but I fixed it by patching the action_cache plugin.
2007-06-15 09:18:06 -05:00