Jacques Distler
6d46e16ee1
Release 0.14pre(MML+)
...
Rev Version Number.
2008-03-17 11:37:22 -05:00
Matthias Tarasiewicz
8685a29a40
updated the changelog for the upcoming 0.13 release
2008-03-17 15:03:42 +00:00
Jacques Distler
503f956084
Fix Two XSS Vulnerabilities
...
Unescaped page names (in 'edit' and 'new' views).
Unsanitized HTTP_CLIENT_IP header.
2008-03-14 23:22:46 +00:00
Jacques Distler
35257b5fae
IPv6-compatible fix for latest Philip Taylor Phun
...
This is better than Revision 228.
2008-03-14 17:25:02 -05:00
Jacques Distler
d46798dd08
Security: Sanitize Remote IP address
...
Dunno quite how, but evidently, request.ip is manipulable. Make sure it consists of a dotted-quad.
Also, correct a typo from the previous revision.
2008-03-14 10:50:06 -05:00
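The three entries above (unsanitized HTTP_CLIENT_IP, the dotted-quad check on request.ip, and its IPv6-compatible replacement) come down to one rule: a value that will be logged, stored or echoed as a remote address must be a bare IP literal, whatever header it arrived in. The following Ruby is an added illustration of that rule, not Instiki's or Rails' code; `sanitize_remote_ip`, `client_ip` and the sample `env` hash are constructed for it. It accepts IPv4 and IPv6 through the standard library's IPAddr, rejects CIDR suffixes, zone ids, hostnames and comma-separated lists, and returns the canonical form so the same address always compares equal.

```ruby
require 'ipaddr'

# Return the address in canonical form if `raw` is a single bare IPv4 or IPv6
# literal, otherwise nil. No CIDR suffix, no zone id, no hostname, no list.
# IPAddr does no DNS lookup, so "localhost" or "<script>" simply fail to parse.
def sanitize_remote_ip(raw)
  return nil if raw.nil?
  s = raw.to_s.strip
  return nil if s.empty? || s.include?('/') || s.include?('%')
  IPAddr.new(s).to_s
rescue ArgumentError # IPAddr::InvalidAddressError is a subclass of ArgumentError
  nil
end

# Candidate sources in the order a proxy-aware application consults them
# (constructed for this example). Whether the forwarded headers should be
# trusted at all is a deployment question: only a reverse proxy you control
# should be able to set them. This function only guarantees that whatever it
# returns is a bare address literal and nothing else.
def client_ip(env)
  candidates = [env['HTTP_CLIENT_IP']]
  candidates.concat(env['HTTP_X_FORWARDED_FOR'].to_s.split(','))
  candidates << env['REMOTE_ADDR']
  candidates.each do |c|
    ip = sanitize_remote_ip(c)
    return ip if ip
  end
  nil
end

# Constructed request environment: a hostile HTTP_CLIENT_IP, a forwarded list
# with the usual "unknown" placeholder, and the socket peer address.
SAMPLE_ENV = {
  'HTTP_CLIENT_IP'       => '"><script>alert(1)</script>',
  'HTTP_X_FORWARDED_FOR' => 'unknown, 203.0.113.9',
  'REMOTE_ADDR'          => '10.0.0.2'
}.freeze

puts client_ip(SAMPLE_ENV) if $PROGRAM_NAME == __FILE__
```

Note that the canonical form matters for the IPv6 case: `2001:DB8::1` and `2001:0db8:0000:0000:0000:0000:0000:0001` name the same host, and a ban list or a log search keyed on the raw string would treat them as different.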
Jacques Distler
827fb77ad3
Missed One
...
One more place where @page.name appears.
2008-03-14 00:18:11 -05:00
Jacques Distler
609c5541b9
Yet More Philip Taylor Phun
...
Escape page names.
Grrr.
2008-03-13 23:02:12 -05:00
Jacques Distler
8243cf9289
Fix broken functional test
...
From Revision 223.
2008-03-13 20:09:23 -05:00
Jacques Distler
f739077976
Yet more well-formedness Phun
...
Error messages need to be escaped.
2008-03-13 18:06:16 -05:00
Jacques Distler
435bbfcd36
Further Tweaks
...
Follow up on revisions 221,222.
2008-02-29 09:46:21 -06:00
Jacques Distler
ad620f63d3
Web Style Tweaks are CDATA
...
Make sure they're properly escaped.
2008-02-29 02:40:22 -06:00
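The escaping entries above (page names in the 'edit' and 'new' views, error messages, and the web style tweaks placed in a CDATA section) are all the same well-formedness problem: untrusted text must not be able to end the construct it is embedded in. Element content and attribute values need the five XML characters escaped; a CDATA section is not escaped at all, so the only thing that can end it early is a literal `]]>`, which must be split across two sections. The Ruby below is an added example, not Instiki's code; `style_element`, `error_page` and `recovered_text` are constructed for it, and the check at the end parses the emitted markup with REXML and compares what comes back with what went in.

```ruby
require 'cgi'
require 'rexml/document'

# Escape text for XHTML element content or attribute values.
def escape_xhtml(text)
  CGI.escapeHTML(text.to_s)
end

# Wrap text in a CDATA section. A literal "]]>" in the text would close the
# section early, so it is split: "]]>" becomes "]]" + "]]><![CDATA[" + ">".
def cdata_wrap(text)
  '<![CDATA[' + text.to_s.gsub(']]>', ']]]]><![CDATA[>') + ']]>'
end

# A per-page style block carrying user-supplied CSS (constructed example).
def style_element(css)
  "<style type=\"text/css\">#{cdata_wrap(css)}</style>"
end

# What goes wrong without the split: the user's "]]>" ends the CDATA section
# and everything after it is parsed as live markup.
def naive_style_element(css)
  "<style type=\"text/css\"><![CDATA[#{css}]]></style>"
end

# A minimal well-formed XHTML error page with an untrusted message in it.
def error_page(message)
  "<html xmlns=\"http://www.w3.org/1999/xhtml\"><head><title>Error</title></head>" \
  "<body><p class=\"error\">#{escape_xhtml(message)}</p></body></html>"
end

# Depth-first search by local element name (avoids XPath namespace handling).
def find_element(el, name)
  return el if el.name == name
  el.elements.each do |child|
    found = find_element(child, name)
    return found if found
  end
  nil
end

# The well-formedness check: parse what was emitted and read the text back.
# Returns the recovered text, or nil if the markup does not parse or the
# element has grown child elements it should not have.
def recovered_text(markup, name)
  doc = REXML::Document.new(markup)
  el = doc.root && find_element(doc.root, name)
  return nil if el.nil? || !el.elements.to_a.empty?
  el.texts.map(&:value).join # CDATA sections are Text nodes too
rescue RuntimeError # REXML::ParseException and REXML's second-root error both derive from it
  nil
end

# Constructed hostile inputs.
HOSTILE_CSS = "body { color: red } ]]></style><script>alert(1)</script>".freeze
HOSTILE_MESSAGE = '<script>alert("x")</script> & friends'.freeze
```

`recovered_text(style_element(HOSTILE_CSS), 'style')` returns the CSS unchanged, while the naive variant fails to parse at all because the injected `<script>` lands outside the root element.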
Jacques Distler
9b7b6fb805
Latest Maruku and Tweak for itex2MML 1.3.4
...
Instiki's LaTeX output also supports \Perp.
2008-02-29 01:30:46 -06:00
Jacques Distler
5dd0507acc
Support svg:foreignObject
...
Fixes to the html5lib sanitizer and maruku to support the SVG <foreignObject> element.
Also update to the latest REXML.
2008-02-03 23:56:17 -06:00
Jacques Distler
15640ca7a3
Latest REXML and Latest Maruku
2008-02-01 01:25:38 -06:00
Jacques Distler
9a633c0792
Another small tweak to atom template
2008-01-28 01:25:33 -06:00
Jacques Distler
d0f7db4247
Fix atom:updated Times
...
Use page.revised_at instead of page.updated_at.
Thanks to Jason Blevins for pointing out the problem.
2008-01-28 01:13:28 -06:00
Jacques Distler
550c2e6c40
Remove the action_cache plugin
...
The action_cache plugin is now rather superfluous (Rails has native support for ETags, for instance).
And it wasn't working right with Rails 2.0.x (pages were being cached, and 304s were being returned
as appropriate, but cached pages were not being served).
2008-01-22 23:35:35 -06:00
Jacques Distler
5a0a6b2ca1
More Philip Taylor Phun
...
More checks that page_names are valid utf_8.
2008-01-22 20:22:59 -06:00
Jacques Distler
5db9ddaf47
Fix Busted Functional Tests
...
Fix the functional tests busted by Revision 212.
Sync with latest HTML5lib.
2008-01-21 11:59:55 -06:00
Jacques Distler
51474e06c8
Styling Hook
...
Add a distinct class-name for the footer in the page view.
2008-01-19 15:06:17 -06:00
Jacques Distler
bb3ccfed4e
Make life a little more difficult for spammers
...
Sessions are now stored in a cookie (signed and Base-64 encoded).
Form_spam_protection stores form_keys in the session.
Make sure spambots implement both cookies and javascript, by storing hashed (with salt) keys in the session.
2008-01-18 14:49:28 -06:00
Jacques Distler
e7d080db25
Slightly More Efficient
...
A slightly more efficient implementation of the above change to form_spam_protection.
2008-01-17 03:47:08 -06:00
Jacques Distler
72b4f97382
Garbage Collection of :form_keys
...
In each session, keep only the 30 most recent :form_keys generated by form_spam_protection.
This should be more than enough for ordinary usage, but prevents the session data from
becoming inordinately large.
Also, burnt-orange rulz!
2008-01-17 03:20:19 -06:00
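The three form_spam_protection entries above (signed, Base-64 encoded cookie session; salted hashes of the form keys in that session; only the 30 most recent kept) fit together as follows. A signed cookie cannot be altered without the secret, but it is not encrypted, so anything stored in it is readable by whoever holds it; keeping the raw form key there would let a bot lift it straight from the cookie without executing the page's JavaScript. Storing only a salted hash, with the salt held server-side, means the bot has to obtain the key the way a browser does. The Ruby below is an added illustration of that design, not Instiki's or Rails' session code; the secret, the salt and the function names are constructed for it, JSON is used for the payload (Rails' CookieStore of that era used Marshal), and SHA-256 stands in for whatever hash the plugin used.

```ruby
require 'json'
require 'openssl'
require 'securerandom'
require 'digest'

MAX_FORM_KEYS = 30

# --- signed, Base64-encoded cookie session ---------------------------------
# The cookie is readable by whoever holds it (Base64 is not encryption); the
# HMAC only prevents it from being altered or forged.
def encode_session(session, secret)
  payload = [JSON.generate(session)].pack('m0') # strict Base64, no newlines
  mac = OpenSSL::HMAC.hexdigest('SHA256', secret, payload)
  "#{payload}--#{mac}"
end

# Compare in constant time so the MAC cannot be guessed byte by byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the session Hash, or nil if the cookie is malformed or the MAC fails.
def decode_session(cookie, secret)
  payload, mac = cookie.to_s.split('--', 2)
  return nil if payload.nil? || mac.nil?
  return nil unless secure_compare(OpenSSL::HMAC.hexdigest('SHA256', secret, payload), mac)
  JSON.parse(payload.unpack1('m0'))
rescue ArgumentError, JSON::ParserError
  nil
end

# --- form keys ---------------------------------------------------------------
# The raw key goes to the browser (the page's JavaScript copies it into the
# form); the session keeps only SHA256(salt + key). Reading the cookie does not
# reveal the key, and the salt never leaves the server.
def issue_form_key(session, salt)
  key = SecureRandom.hex(16)
  keys = session['form_keys'] || []
  keys << Digest::SHA256.hexdigest(salt + key)
  session['form_keys'] = keys.last(MAX_FORM_KEYS) # keep only the 30 most recent
  key
end

# Accept a submitted key once, then discard it so it cannot be replayed.
def consume_form_key(session, salt, submitted)
  keys = session['form_keys'] || []
  idx = keys.index(Digest::SHA256.hexdigest(salt + submitted.to_s))
  return false if idx.nil?
  keys.delete_at(idx)
  true
end

# One request/response round trip: issue a key, ship the session as a cookie,
# read the cookie back on the next request, verify the submitted key, then try
# a replay and a tampered cookie. Secret and salt are assumed values.
def form_round_trip(secret: 'assumed-cookie-secret', salt: 'assumed-form-key-salt')
  session = {}
  key = issue_form_key(session, salt)
  cookie = encode_session(session, secret)

  restored = decode_session(cookie, secret)
  accepted = consume_form_key(restored, salt, key)
  replayed = consume_form_key(restored, salt, key)

  tampered = decode_session(cookie.sub(/--\h+\z/, '--' + '0' * 64), secret)
  {
    accepted: accepted,
    replayed: replayed,
    tampered_session: tampered,
    key_visible_in_cookie: decode_session(cookie, secret).to_s.include?(key)
  }
end
```

The cap on stored hashes is what keeps the cookie from growing with every form rendered; since the keys are one-time, a user who opens more than 30 forms before submitting simply loses the oldest ones, which the "stale session, please reload" error page above already handles.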
Jacques Distler
6359d06ed1
Bug in Include Chunk-handler
...
Fix the chunk-handler for [[!include ...]] so that it behaves as expected.
2008-01-16 11:28:43 -06:00
Jacques Distler
4586614914
Misc Cleanup
...
Cleaned up some dependencies, and added a mime_types.yml file for Mongrel-compatibility.
2008-01-14 14:46:38 -06:00
Jacques Distler
f101ee9a21
Manage_Fixtures
...
Make sure manage_fixtures plugin doesn't mess with fixtures in test/fixtures.
Also, a slightly more elegant version of the REXML version test.
2008-01-13 00:26:25 -06:00
Jacques Distler
38ae064b8a
Bundle Latest REXML
...
Sam Ruby has been doing a bang-up job fixing the bugs in REXML.
Who knows when these improvements will trickle down to vendor distributions of Ruby.
In the meantime, let's bundle the latest version of REXML with Instiki.
We check the version number of the bundled REXML against that of the System REXML, and use whichever is later.
2008-01-11 23:53:29 -06:00
Jacques Distler
1085168bbf
Update to latest HTML5lib, Add Maruku testdir
...
Sync with the latest html5lib.
Having the Maruku unit tests on-hand may be useful for debugging; so let's include them.
2008-01-08 00:01:35 -06:00
Jacques Distler
ebc409e1a0
Ensure the_content REALLY is utf-8
...
Our check that the the_content was valid utf-8 was rather busted.
This one works right. In particular, we needed to expand NCRs before checking.
2008-01-03 15:27:03 -06:00
Jacques Distler
c89aeb6665
Some Tests for Philip Taylor Phun 'n Games
...
Some tests for the illegal Unicode characters in search queries (and elsewhere).
2008-01-02 02:33:05 -06:00
Jacques Distler
c8196cbe41
More Unicode Fun
...
From Philip Taylor (via Henri Sivonen): disallow U+fffe and U+ffff.
2008-01-01 22:00:07 -06:00
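The Unicode entries above (page names must be valid UTF-8; the_content check must expand NCRs first; U+FFFE and U+FFFF are disallowed) are one check seen from three sides: text destined for an XHTML page must be well-formed UTF-8 and, once numeric character references are expanded, must contain only characters permitted by XML 1.0's Char production. Checking the bytes alone is not enough, because `&#xFFFE;` is seven perfectly valid ASCII bytes that denote an illegal character. The Ruby below is an added example, not Instiki's code; the function names are constructed for it, and the Char ranges are those of the XML 1.0 specification.

```ruby
# Numeric character references, decimal (&#65535;) and hex (&#xFFFF;).
NCR = /&#(?:x([0-9A-Fa-f]{1,6})|([0-9]{1,7}));/

# The Char production of XML 1.0. Everything else, including U+FFFE, U+FFFF,
# C0 controls other than tab/LF/CR, surrogates and code points above
# U+10FFFF, is illegal in an XHTML document.
def xml_char?(cp)
  cp == 0x9 || cp == 0xA || cp == 0xD ||
    (0x20..0xD7FF).cover?(cp) ||
    (0xE000..0xFFFD).cover?(cp) ||
    (0x10000..0x10FFFF).cover?(cp)
end

# Expand NCRs to the characters they denote. Returns nil if any reference
# names a code point that is not an XML Char: a check that looks only at the
# bytes would let "&#xFFFE;" straight through.
def expand_ncrs(text)
  bad = false
  out = text.gsub(NCR) do
    cp = $1 ? $1.hex : $2.to_i
    if xml_char?(cp)
      [cp].pack('U')
    else
      bad = true
      ''
    end
  end
  bad ? nil : out
end

# True only if the text is valid UTF-8 and, after NCR expansion, every code
# point is an XML Char.
def valid_utf8_xml_text?(raw)
  return false if raw.nil?
  s = raw.to_s.dup.force_encoding(Encoding::UTF_8)
  return false unless s.valid_encoding?
  s = expand_ncrs(s)
  return false if s.nil?
  s.each_codepoint.all? { |cp| xml_char?(cp) }
end
```

The order matters: `valid_encoding?` must run before `each_codepoint`, which raises on malformed input, and NCR expansion must run before the per-code-point test, otherwise a reference is just a run of harmless ASCII.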
Jacques Distler
14e3728183
A Tweak to the Error-Page Layout
2007-12-30 20:34:08 -06:00
Jacques Distler
0c16ab4e6f
Better Error for Stale Session
...
Rather than giving a generic 500 error, tell the user to reload the page.
2007-12-30 10:41:19 -06:00
Jacques Distler
a2c7705de5
More of the Same.
2007-12-30 03:58:57 -06:00
Jacques Distler
df28bd545a
Well-Formed Error Pages
...
Apparently, my fans think returning raw text error messages is a bad thing.
Well-formed XHTML for them, I guess ...
2007-12-30 03:28:33 -06:00
Jacques Distler
5d52cf303f
Conditional Use of New REXML Output Logic.
...
Thanks to Sam Ruby for pointing out the problem.
2007-12-28 19:58:22 -06:00
Jacques Distler
6cd8d8d2ef
Fixes from Jason Blevins
...
Removed some (fossil) test dependencies and a deprecation warning.
Patched the Rails 2.0.2 routing code to emit old-style Instiki URLs.
2007-12-24 17:26:40 -06:00
Jacques Distler
a0cf0951af
Document the Secret Key configuration a bit
2007-12-24 17:18:30 -06:00
Jason Blevins
f1106428dc
Included a test for page names with spaces.
...
Upgraded to Rails 2.0.2 routing code. Kept the "old" CGI-style escaping rather than using URI.escape.
2007-12-24 16:02:14 -05:00
Jason Blevins
feed609d86
Removed unneeded test dependencies.
2007-12-24 15:33:39 -05:00
Jason Blevins
d042b4fd94
config.breakpoint_server has been deprecated and has no effect.
2007-12-22 23:54:29 -05:00
Jason Blevins
fc586e3f6b
Sync with trunk: upgrade to Rails 2.0.2
2007-12-22 11:15:52 -05:00
Jacques Distler
e74deb0cfb
Unit test
...
Add a unit test for previous WikiWord fix.
2007-12-21 08:53:45 -06:00
Jacques Distler
6873fc8026
Upgrade to Rails 2.0.2
...
Upgraded to Rails 2.0.2, except that we maintain
vendor/rails/actionpack/lib/action_controller/routing.rb
from Rails 1.2.6 (at least for now), so that Routes don't change. We still
get to enjoy Rails's many new features.
Also fixed a bug in Chunk-handling: disable WikiWord processing in tags (for real this time).
2007-12-21 01:48:59 -06:00
Jason Blevins
7dbf8be706
Merged with trunk.
2007-12-19 21:20:11 -05:00
Jacques Distler
0f6889e09f
Fix Unicode bug
...
Fix Diego Restrepo's bug (see Rev 184).
Update to latest HTML5lib.
2007-12-17 03:17:43 -06:00
Jacques Distler
18da1a1d71
Accommodate \nequiv in LaTeX output
2007-11-02 10:15:17 -05:00
Jacques Distler
70025a4ba3
More SVG Sanitization
2007-10-31 01:00:45 -05:00
Jason Blevins
8cd38d9ade
Sync with trunk
2007-10-29 21:21:08 -04:00
Jacques Distler
eca126f589
Sanitize <svg:image>
...
This element is unsafe.
2007-10-29 13:51:41 -05:00
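The SVG entries above (sanitize `svg:image`, more SVG sanitization, and later support for `svg:foreignObject`) are all edits to a whitelist: an element or attribute that is not on the list is dropped, and the list is adjusted as elements prove unsafe (`image` fetches an arbitrary URL through `xlink:href`) or as safe uses appear. `foreignObject` is the awkward case, because it carries arbitrary XHTML inside the SVG, so the sanitizer has to descend into it with the same rules rather than pass its contents through. The following is a reduced whitelist sanitizer written over REXML as an added illustration; it is not Instiki's code and not html5lib's sanitizer, the element and attribute lists are deliberately short and constructed for the example, and `EVIL_SVG` is a constructed input. Elements are matched on local name, so `svg:image` and `image` are treated alike.

```ruby
require 'rexml/document'
require 'set'

# Constructed, deliberately small whitelist; html5lib's real lists are much longer.
ALLOWED_ELEMENTS = Set['svg', 'g', 'rect', 'circle', 'path', 'text', 'a',
                       'foreignObject', 'p', 'b', 'i'].freeze
ALLOWED_ATTRIBUTES = Set['x', 'y', 'width', 'height', 'r', 'cx', 'cy', 'd',
                         'fill', 'stroke', 'href', 'xlink:href'].freeze
SAFE_SCHEMES = Set['http', 'https', 'mailto'].freeze

# Relative URLs and whitelisted schemes only. Tabs and newlines are removed
# first because browsers ignore them inside a scheme ("java\tscript:").
def safe_url?(value)
  v = value.to_s.gsub(/[\t\n\r]/, '').strip
  scheme = v[/\A([a-z][a-z0-9+.\-]*):/i, 1]
  scheme.nil? || SAFE_SCHEMES.include?(scheme.downcase)
end

def sanitize_element!(el)
  el.elements.to_a.each do |child|      # to_a: the tree changes as we go
    if ALLOWED_ELEMENTS.include?(child.name)
      sanitize_element!(child)          # foreignObject: recurse into the XHTML inside
    else
      el.delete_element(child)          # drops the whole subtree: <script>, <image>, ...
    end
  end
  attrs = []
  el.attributes.each_attribute { |a| attrs << a }
  attrs.each do |a|
    name = a.expanded_name
    next if name.start_with?('xmlns')   # keep namespace declarations
    if !ALLOWED_ATTRIBUTES.include?(name) || (name.end_with?('href') && !safe_url?(a.value))
      el.attributes.delete(a)           # drops onload=, onclick=, javascript: links, ...
    end
  end
end

# Returns sanitized markup, or '' if the input is not well-formed or its root
# element is not allowed.
def sanitize_svg(xml)
  doc = REXML::Document.new(xml)
  return '' if doc.root.nil? || !ALLOWED_ELEMENTS.include?(doc.root.name)
  sanitize_element!(doc.root)
  doc.to_s
rescue REXML::ParseException
  ''
end

# Constructed sample containing each hostile construct the whitelist should strip.
EVIL_SVG = <<~SVG
  <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="100" height="50" onload="alert(1)">
    <script>alert(2)</script>
    <image xlink:href="http://tracker.invalid/p.png" x="0" y="0" width="1" height="1"/>
    <a xlink:href="javascript:alert(3)"><text x="5" y="20">click</text></a>
    <foreignObject width="100" height="50">
      <p xmlns="http://www.w3.org/1999/xhtml" onclick="alert(4)">hello <b>world</b></p>
    </foreignObject>
  </svg>
SVG

puts sanitize_svg(EVIL_SVG) if $PROGRAM_NAME == __FILE__
```

Two design points carry over to any whitelist sanitizer: unknown elements are removed together with their subtree rather than unwrapped, and URL-valued attributes are checked by scheme after stripping the whitespace browsers tolerate, so `java\tscript:` is caught as well as `javascript:`.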