Commit graph

221 commits

Author SHA1 Message Date
Jacques Distler
008824c1ad Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki 2009-10-11 10:22:15 -05:00
Jacques Distler
a483b4e71e Also fix S5 slides.js
It needs to use relative URLs, too.
2009-10-11 10:20:43 -05:00
Jacques Distler
de44b81020 Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki 2009-10-11 09:56:55 -05:00
Jacques Distler
23e9c6beb2 Use AssetTagHelpers in S5 Template
Otherwise S5  breaks when Instiki is
deployed to a non-root URL (e.g., by
setting RailsBaseURI in Passenger).

Also a stylistic tweak in lib/node.rb
2009-10-11 09:49:01 -05:00
Jacques Distler
fe9e834983 Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki 2009-10-10 03:54:33 -05:00
Jacques Distler
dd8c912c6c Update lib/node.rb
Grab some fixes from html_scanner, and add few of our own.
2009-10-10 03:52:33 -05:00
Jacques Distler
ffa6ee23cd Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki 2009-10-10 02:46:59 -05:00
Jacques Distler
d5e35d2861 Some more Sanitizer tweaks
Mostly stylistic things, but allow some constants to be defined by the calling program.
2009-10-10 02:44:44 -05:00
Jacques Distler
7995143c09 Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki 2009-10-09 23:20:38 -05:00
Jacques Distler
d14db51d9e More Sanitizer Refactoring
Make the Sanitizer more efficient.
Also, update some unit tests.
2009-10-09 23:18:17 -05:00
Jacques Distler
0f1b6bc695 Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki 2009-10-09 14:03:57 -05:00
Jacques Distler
9b7071d190 Update Sanitizer Docs
They were a bit out-of-sync with what the sanitizer
actually does.
2009-10-09 14:02:07 -05:00
Jacques Distler
043db32754 Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki 2009-10-09 13:04:00 -05:00
Jacques Distler
e7b77dd3d3 Sanitizer Refactoring
A bit of cleanup for the Sanitizer.
2009-10-09 13:02:02 -05:00
Jacques Distler
5c2e4437b5 Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki 2009-10-08 16:24:59 -05:00
Jacques Distler
2f3ff9f651 Efficiency
There's a moderate efficiency gain to be had by
using Set#include?, rather than Array#include?
in the sanitizer.
2009-10-08 16:22:50 -05:00
Jacques Distler
a35921a90d Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki 2009-09-25 16:02:23 -05:00
Jacques Distler
e0df6c8a6a Updated Tests and Sanitizer Fixes for Revision 439 2009-09-25 15:59:43 -05:00
Jacques Distler
b438bc64f6 Update More MathML Entity Mappings
Bring up-to-date with Editor's copy of
XML Entity definitions for Characters
(W3C Working Draft 13 September 2009)
http://www.w3.org/2003/entities/2007doc/overview.html
2009-09-25 14:34:22 -05:00
Jacques Distler
22b119c056 Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki 2009-09-24 16:24:04 -05:00
Jacques Distler
31ed55f055 Update MathML Entity Mappings
Update list of XHTML+MathML named entities
to match
http://www.w3.org/TR/2008/WD-xml-entity-names-20080721/
2009-09-24 16:21:22 -05:00
Jacques Distler
e652af4e73 Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki 2009-09-09 15:03:49 -05:00
Jacques Distler
7185af32fc Fix an Eyesore
That just looked sloppy. I blame copy/paste.
2009-09-09 15:01:25 -05:00
Jacques Distler
f5f3d76c99 Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki 2009-09-09 09:18:39 -05:00
Jacques Distler
3ff68ef42f Don't Expand NCRs
That operation is not idempotent (among other defects).
Instead, just check that the NCRs corespond to valid utf-8.
(Reported by Andrew Stacey)
2009-09-09 09:16:00 -05:00
Jacques Distler
2068683ee8 Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki 2009-09-07 20:44:57 -05:00
Jacques Distler
116255dc0d Purify Categories
Apply the same methodology, as in Revision 432,
to the category chunk-handler. This completes
the replacement of all the code that looks like

  if string.is_utf8?
    do something
  else
    complain
  end

with code that looks like

  string.purify
  do something
2009-09-07 20:38:09 -05:00
Jacques Distler
52a0b565a5 Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki 2009-09-07 16:08:33 -05:00
Jacques Distler
c79fef9c01 Clean, rather than Complain
Previously, if the user tried to submit content which was
malformed utf-8, Instiki would complain loudly to him.

A slightly more user-friendly approach was suggested by
the latest Rails 2.3.4, and a conversation with Sam Ruby
(who suggested some improvements).

Now, instead of complaining, we remove the offending bytes,
leaving a well-formed utf-8 string, which we pretend is what
the user meant to submit.
2009-09-07 16:02:36 -05:00
Jacques Distler
8957927c7a That'll Teach Me to Merge Indiscriminately!
Rollback rake upgrade task
2009-09-05 23:21:44 -05:00
James Herdman
4d9789644d Merge from parasew/master 2009-09-05 15:26:29 -04:00
Jacques Distler
f9a0c824ca Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki 2009-09-03 23:12:27 -05:00
Jacques Distler
342298ed0e Wikilinks to Published Webs
Should be to the published action. This
didn't work right for inter-web links.
(Reported by Mike Shulman)

Also, change some .length's to .size's
(for Andrew Stacey)
2009-09-03 23:09:10 -05:00
Jacques Distler
e75a0f9881 Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki 2009-08-29 23:38:08 -05:00
Jacques Distler
888e93a7fd Streamline Rake Task
Refactor the upgrade_instiki rake task.
Based on the (very nice) JHerdman's
  64d305f2a8
but defaults to 'production' environment, instead.
Instiki users don't know about production/development/test.
Instiki defaults to 'production'. So should its associated rake tasks.
2009-08-29 23:31:39 -05:00
James Herdman
64d305f2a8 Don't make ANY assumptions about the environment. Use the model and
Rails to do as much work as possible.
2009-08-29 14:20:08 -04:00
Jacques Distler
205fbcb898 Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki 2009-08-27 17:01:44 -05:00
Jacques Distler
c05d69bcff Make upgrade_instiki Rake Task Database-Agnostic
Reported by James Herdman.
2009-08-27 16:57:37 -05:00
Jacques Distler
9edb8f6045 Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki 2009-07-27 22:53:11 -05:00
Jacques Distler
0e0f666fb4 Rollbacks and Relative URLs
Ensure "rollback" locks page for editing. (reported by Toby Bartels)
Generate relative URLs, when possible. (Patch by Dennis Knauf)
2009-07-27 22:49:12 -05:00
Jacques Distler
191f7b3b2c Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki 2009-06-12 19:49:34 -05:00
Jacques Distler
9b857d3501 Test page_name, not text
Fix from Jason Blevins.
2009-06-12 19:47:56 -05:00
Jacques Distler
89757dccd4 Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki 2009-06-11 13:18:37 -05:00
Jacques Distler
c98d44606a Wikilinks with '." in the Page Name
Rails won't let you put "." in the page name.
This prevents creating new-page Wikilinks with
such names.
2009-06-11 13:16:10 -05:00
Jacques Distler
2995354b3a Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki 2009-06-06 21:09:30 -05:00
Jacques Distler
305b37b401 Another Bug-fix and some tests
Man, but this needs more tests ... !
2009-06-06 21:08:08 -05:00
Jacques Distler
8624a40bf8 Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki 2009-06-05 00:41:33 -05:00
Jacques Distler
0943b7e510 Expire Caches for Redirected Links
[[!redirect foo]] should expire all pages which reference "foo".
Sounds simple, but this was a really gnarly bug to fix.
2009-06-05 00:39:12 -05:00
Jacques Distler
3d626dae30 Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki 2009-06-02 22:24:50 -05:00
Jacques Distler
d7832ba262 Wiki Redirects and Page Renaming
Added the ability to rename existing pages.
[[!redirects Some Page Name]] redirects Wikilinks [[Some Page Name]] to
  the current page (assuming "Some Page Name" does not exist).
  Real pages trump redirects (though this may change, depending on 
  user feedback).
2009-06-02 22:17:15 -05:00
Jacques Distler
4d34abc8fa Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki 2009-05-07 17:03:03 -05:00
Jacques Distler
681065631c Add Support for SVG Clipping Paths
Add support in the sanitizer for <clipPath>, @clip-path and @clip-rule.
Suggested by Andrew Stacey.
2009-05-07 16:53:56 -05:00
Jacques Distler
6b09f76864 Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki 2009-03-30 23:55:20 -05:00
Jacques Distler
d5a65e6ac8 History Pages
From Jason Blevins:
  Create a "History" page for each wiki page.
  Link to it, and to the "Diff" page from "Recently Revised".
Also, correct a bug in listing/deleting links to uploaded
video and audio files.
2009-03-30 23:50:06 -05:00
Jacques Distler
72c4fb71df Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki 2009-03-27 09:27:00 -05:00
Jacques Distler
d425a70fad Yikes!
Yet more dangerously greedy Regexps in Maruku,
and one of my own.
2009-03-27 09:25:08 -05:00
Jacques Distler
3fdfad29a3 Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki 2009-03-03 12:19:13 -06:00
Jacques Distler
c7418af48d Support for HTML5 <audio>
As with <video>,

   [[foo.wav:audio]]

works now, producing an HTML5 <audio> element.
2009-03-03 12:17:14 -06:00
Jacques Distler
52f57f151c Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki 2009-03-02 02:39:23 -06:00
Jacques Distler
8ea8b6a8f7 <video> and x-sendfile
Using <object> and <embed> were forbidden for obvious
security reasons. Instiki now permits embedding video
via the HTML5 <video> element (Ogg/Theora encoded videos
only, with .ogg or .ogv extensions). You can even upload
videos with

    [[foo.ogg:video]]

Instiki now support x-sendfile. See the Proxying page for
configuring Apache (with the x-sendfile module). Lighttpd
should work similarly.

Update Rails to latest Edge (hopefully converging on RC2!).
2009-03-02 02:32:25 -06:00
Jacques Distler
d039840bb4 Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki 2009-02-27 19:24:43 -06:00
Jacques Distler
133c21b801 Bugfixes and Rails Edge
Update to Rails 2.3.1.
  (Actually, not quite. Doesn't look like 2.3.1 will be released
   today, but I REALLY want to push these bugfixes out.)
Removed bundled Rack (Rails 2.3.1 comes bundled with Rack 1.0).
Add
     config.action_view.cache_template_loading = true
  to production environment.
Fix FastCGI bug (http://rubyforge.org/tracker/index.php?func=detail&aid=24191&group_id=186&atid=783).
Fix WikiWords bug (http://rubyforge.org/pipermail/instiki-users/2009-February/001181.html).
2009-02-27 19:23:00 -06:00
Jacques Distler
5b258daef9 Added empty directories because Git is stupid. 2009-02-05 03:02:31 -06:00
Jacques Distler
4e14ccc74d Instiki 0.16.3: Rails 2.3.0
Instiki now runs on the Rails 2.3.0 Candidate Release.
Among other improvements, this means that it now 
automagically selects between WEBrick and Mongrel.

Just run

    ./instiki --daemon
2009-02-04 14:26:08 -06:00
Jacques Distler
43aadecc99 Links in Published Webs
Links in the 'show' action should be to the 'show' action.
Links in the 'published' action should be to the 'published' action.
Try to focus, Distler!
2009-02-01 16:17:14 -06:00
Jacques Distler
5d15e3f39d Security: Instiki 0.16.2
On Webs with file uploads enabled, uploaded files were stored
(in version 0.16.1 and earlier) in the public/ directory.

This was a security threat. A miscreant could upload a .html file.
When a user clicked on the link to the file, it was opened (unsanitized)
in the browser.

As of version 0.16.2, uploaded files are stored in the webs/
directory. Now, when the user clicks on the link, the file is sent
with the

    Content-Disposition: attachment

header set, which causes the file to be downloaded, rather than opened
in the browser. As always, files downloaded from the internets should be
treated with caution. At least, this way, they are not aoutomatically 
opened in the browser.

To move your existing uploaded files to the new location, do a

     rake upgrade_instiki
2009-01-26 00:21:30 -06:00
Jacques Distler
0b2a6935a2 Export XHTML Pages
When a Web uses one of the Markdown Text Filters, and you export
all the pages as a zip file, you'd like the MathML and SVG to
render when the pages are viewed locally. This means saving them
with a .xhtml extension. Users of non-XHTML-capable browsers or
Textile users should still get .html files.
2009-01-23 11:02:16 -06:00
Jacques Distler
13b7e1d766 A Real Fix For the "Backslashes in Included Equations" Bug
Ruby's String.sub!(pattern, replacement) routine is fundamentally
broken. But the block version works fine.

Using the broken routine in the Chunk handler was a subtle mistake.
2009-01-17 00:28:38 -06:00
Jacques Distler
294ac909c4 Don't hide equations, except in MarkdownMML and MarkdownPNG
In other engines, e.g. textile, the equation delimiters have no
special meaning. So they should not be used to hide content from
wiki processing.
2009-01-16 12:51:43 -06:00
Jacques Distler
a6d80426a9 Revert Revision 338
That didn't work with nested includes:
A: [[!include B]]
B: [[!include C]]
C:   fubar!

Added a test for that issue.
2009-01-15 22:42:09 -06:00
Jacques Distler
41006d20ef Fix the "Backslashes in Included Equations" Bug
See
  http://golem.ph.utexas.edu/instiki/revision/Known+Bugs?rev=3#IncludedEqs

Who knew that

      @pre_rendered = String.new(self)

was not the same as

      @pre_rendered = String.new
      @pre_rendered = self

?
2009-01-14 22:55:59 -06:00
Jacques Distler
074711d4c5 Hide Equations From WikiChunk Processing
WikiWord (and the like) could wreak havoc in equations. Protect them
(the way <a>, <pre> and <code> blocks are protected).

For some reason, this doesn't seem to work in inline equations.
Maruku is doing something funny there ... => one failing Unit Test.
2009-01-14 16:11:07 -06:00
Jacques Distler
5c20871ec4 Remove last vestige of CGI.unescapeHTML 2009-01-10 02:00:26 -06:00
Jacques Distler
82e7aa52c7 Referring Pages for File List
For the file_list  action, include the pages which link to the given file(s).
This required rejiggering so that that information is actually retained in the database.
Unfortunately, you'll actually need to revise the page(s) in question, because that's the
only time this information is updated in the database.
2009-01-10 00:18:25 -06:00
Jacques Distler
52c1f74ecc Add a couple of XSS tests.
Some more tests from Clint Ruoho. The main branch of Instiki (and, I guess,
the old sanitizer) are vulnerable.

Also: under Ruby 1.8.x, CGI.unescapeHTML screws up horribly decoding NCRs
which represent high-bit ASCII characters. UTF-8 agrees with 7-bit ASCII,
but CGI.unescapeHTML doesn't seem to know that they disagree for i>127.
2009-01-05 16:25:27 -06:00
Jacques Distler
5700d4513f Preliminary (?) Interface for Deleting Uploaded Files.
The simplest thing which could possibly work ...
2008-12-30 03:03:02 -06:00
Jacques Distler
c3c33b68dd Multiple leading capital letters in a WikiWord
CMyApp  is a WikiWord (at least, on other Wiki systems, like TWiki).
Should allow that here

Also, choose a more obscure name for the thread-local variable tracking
included chunks.
2008-12-25 17:41:35 -06:00
Jacques Distler
61c3fb1ab9 Bump Version Number
Version 0.16

Also, allow Includes of single-letter pages.
2008-12-24 13:11:53 -06:00
Jacques Distler
0f843bc537 Slicker
Clean up the recursive-include code a bit.
2008-12-24 11:09:05 -06:00
Jacques Distler
3a109d1c82 Thread Safety
Use "Thread.current[:included_by]" instead of  the Class variable,
"@@included_by".

The former will work on some newfangled multi-threaded Webserver stack,
which uses separate threads to handle multiple simlutaneous requests
(one request/thread). Dunno that the rest of the application is
thread-safe, but using a class variable, in this context, probably isn't.

Thanks to Sam Ruby for the suggestion.
2008-12-23 16:27:34 -06:00
Jacques Distler
1b54b695c3 Single Letter WikiLinks
Another request from the old (and apparently defunct) Instiki Bug Tracker:
allow single letter WikiLinks, e.g. "[[a]]". Requested by a Japanese user.

Fixed.
2008-12-22 23:57:21 -06:00
Jacques Distler
91eb8f5fbf Fix Recursive Includes
Another very amusing 3-year old bug from the main Instiki Bug Tracker
(don't they ever fix anything?): the chunk-handling code was supposed
to prevent recursive [[!include ...]] statements. Alas, instead of
actually preventing them it would -- when it encountered a recursive
include -- churn away until Rails ran out of stack space.

Fixed.
2008-12-21 02:47:45 -06:00
Jacques Distler
dcd3e63ae8 Nowiki Include
Previously,
   <nowiki>[[!include foo]]</nowiki>
would produce some garbage, like
   chunk18226682includechunk
instead of the desired rendered text,
   [[!include foo]]

Fixed.
2008-12-20 23:24:50 -06:00
Jacques Distler
1f816af24b Uploaded Pictures Should Display in "Published" Mode 2008-12-20 13:56:50 -06:00
Jacques Distler
ad049bcc4b Drop hostname from cache key
By default, Rails will cache

    example.com/mywiki/show/SomePage
and
    www.example.com/mywiki/show/SomePage

In Instiki, this just leads to stale cached pages and frustration.
Fix that behaviour.
2008-12-18 09:21:26 -06:00
Jacques Distler
a503e2b8ac Gentler
Be a little gentler in recovering from Instiki::ValidationErrors, when saving a page.
Previously, we threw away all the user's changes upon the redirect. Now we attempt
to salvage what he wrote.
2008-12-17 00:07:21 -06:00
Jacques Distler
5d7d89d193 Fix Slowdown in Sanitizer Regexp
Deal with the issue:

   http://code.google.com/p/html5lib/issues/detail?id=83

by fixing a regexp used for sanitizing inline style attributes.
2008-12-09 08:54:35 -06:00
Jacques Distler
5d47fdff8b Make Interweb Links Work Right
Links to a published web should be to the 'publish' action, not to the
'show' action. Previously, the published status of the source, not the target
was used.

Also, correct display of the Navigation Links for the 'published' action.
2008-12-01 22:58:09 -06:00
Jacques Distler
513b2b16c1 Better
Put the "safe" XHTML sanitization in lib/santize.rb, rather than in lib/chunks/nowiki.rb.
D'oh!
2008-12-01 10:29:46 -06:00
Jacques Distler
758325923f Fix another ill-Formedness hole
The html5lib sanitizer does not necessarily produce well-formed output.
Take some "bad" input, wrap it in a <nowiki> tag and -- bingo! -- you get
ill-formed output.

Fixed. (Though, probably, one should fix the html5lib sanitizer, instead.)
2008-11-30 21:44:52 -06:00
Jacques Distler
2e81ca2d30 Rails 2.2.2
Updated to Rails 2.2.2.
Added a couple more Ruby 1.9 fixes, but that's pretty much at a standstill,
until one gets Maruku and HTML5lib working right under Ruby 1.9.
2008-11-24 15:53:39 -06:00
Jacques Distler
1b69b148de More Ruby 1.9 Compatibility fixes
Still a long way to go, but these will help.
2008-11-12 09:47:24 -06:00
Jacques Distler
7600aef48b Upgrade to Rails 2.2.0
As a side benefit, fix an (non-user-visible) bug in display_s5().
Also fixed a bug where removing orphaned pages did not expire cached summary pages.
2008-10-27 01:47:01 -05:00
Jacques Distler
e1c7d035c9 Some more SVG attributes for the sanitizer
From Sam Ruby.
2008-07-28 10:57:55 -05:00
Jacques Distler
c427807274 Blahtex
Sync with latest Maruku.
Pave the way for Blahtex (PNG-based math) support (from Ari Stern).
   (no visible functionality, yet, but that will come)
2008-07-26 04:14:41 -05:00
Jacques Distler
4901279391 Style: Don't put 'require' statements inside methods 2008-05-22 09:36:23 -05:00
Jacques Distler
ca1e8de89c Minor Cleanups
Remove a no-longer-needed function.
&apos; -> &39;
Fix regexp for tag chunk.
2008-05-22 02:46:45 -05:00
Jacques Distler
f6508de6dd Whoops!
In some circumstances, the new Sanitizer was double-escaping text nodes.
Fixed (with unit test).
2008-05-21 14:14:43 -05:00
Jacques Distler
45405fc97e New Sanitizer Goes Live
The new sanitizer seems to work well (cuts the time required
to produce the Instiki Atom feed in half). Our strategy is to
use HTML5lib for <nowiki> content, but to use the new sanitizer
for content that has been processed by Maruku (and hence is
well-formed).

The one broken unit test won't affect us (since it dealt with
very malformed HTML).
2008-05-21 02:06:31 -05:00
Jacques Distler
800880f382 Rough In New Sanitizer
Start work (which may not pan out) on a new sanitizer. Right now, it passes
all but 1 of the HTML5lib Sanitizer's unit tests. But it doesn't do much
of anything to ensure well-formedness. This is not an issue for Maruku-processed
content, but it is a concern for <nowiki> blocks.

(One solution would be to use the HTML5lib parser on <nowiki> blocks.)

In any case, this baby is 3 times as fast as the HTML5lib sanitizer.
2008-05-20 17:02:10 -05:00