Commit graph

35 commits

Author SHA1 Message Date
Jacques Distler
4b2448b09a Security: Update to Rails 2.3.14 2011-08-19 01:54:58 -05:00
Jacques Distler
9e909d5be3 Update Rails, rails_xss and Bundler
Update Bundler to 1.0.15.
Update Rails to 2.3.12.
Update rails_xss plugin.

The latter two were the
source of a considerable
amount of grief, as rails_xss
is now MUCH stricter about what
string methods can be used.

Also made it possible to use
rake 0.9.x with Instiki. But
you probably REALLY want to use

 ruby bundle exec rake ...

instead of just saying

 rake ....
2011-06-15 00:43:38 -05:00
Jacques Distler
844ce0ed40 Rails 2.3.11, S5 Editing bug.
Upgrade to Rails 2.3.11.
Fix a bug where the SVG-Edit button would not appear
when editing S5 slideshows.
2011-02-18 23:36:23 -06:00
Jacques Distler
cebd381d0d Instiki 0.19.1
tex_list, Rails 2.3.10, etc.
2010-10-15 10:47:59 -05:00
Jacques Distler
ef30cc22df Update to Rails 2.3.9 and itextomml 1.3.27 2010-09-05 15:24:15 -05:00
Jacques Distler
f0635301aa Update to Rails 2.3.8 2010-05-25 12:45:45 -05:00
Jacques Distler
76f388f3e2 Vendor Rack 1.0.1
Incorporate patch from Revision 496.
2009-12-18 20:16:58 -06:00
Jacques Distler
a7202d54cd Workaround Ruby 1.9.1 tempfile Bug
Add a patch (from Passenger 2.2.8) to
vendored Rack, which works around a bug
in Ruby 1.9.1. This patch to Rack has been
floating around the intertubes for a while.
2009-12-18 11:45:26 -06:00
Jacques Distler
e3832c6f79 Rails 2.3.5
Upgrade to Rails 2.3.5.
Also work around this bug:
 https://rails.lighthouseapp.com/projects/8994/tickets/3524
created by the aforementioned
Rails release.
2009-11-30 19:38:34 -06:00
Jacques Distler
4bdf703ab2 Instiki 0.17.2: Security Release
This release upgrades Instiki to Rails 2.3.4, which
patches two security holes in Rails. See

  http://weblog.rubyonrails.org/2009/9/4/ruby-on-rails-2-3-4

There are also some new features, and the usual boatload
of bugfixes. See the CHANGELOG for details.
2009-09-05 02:01:46 -05:00
Jacques Distler
664552ac02 Rails 2.3.3.1
Update to latest Rails.
A little bit of jiggery-pokery is involved, since they
neglected to re-include vendored Rack in this release.
2009-08-04 10:16:03 -05:00
Jacques Distler
7448b7981b Minor fixes
1) WEBrick should respond to TERM signals
(needed by MacOSX and, perhaps, others).
2) HTTP redirects for redirected pages should be 301's.
3) Add a flash message for redirection to "new" page
when the target of "show" action is not found.
2009-06-14 22:55:41 -05:00
Jacques Distler
e2ccdfd812 Instiki 0.16.5
Update to Rails 2.3.2 (the stable Rails 2.3 release).
Add audio/speex support
Update CHANGELOG
Bump version number
2009-03-16 09:55:30 -05:00
Jacques Distler
5e7d2cf973 Rails 2.3.1
Update to the release version of Rails 2.3.1.
2009-03-05 07:54:17 -06:00
Jacques Distler
8ea8b6a8f7 <video> and x-sendfile
Using <object> and <embed> were forbidden for obvious
security reasons. Instiki now permits embedding video
via the HTML5 <video> element (Ogg/Theora encoded videos
only, with .ogg or .ogv extensions). You can even upload
videos with

    [[foo.ogg:video]]

Instiki now support x-sendfile. See the Proxying page for
configuring Apache (with the x-sendfile module). Lighttpd
should work similarly.

Update Rails to latest Edge (hopefully converging on RC2!).
2009-03-02 02:32:25 -06:00
Jacques Distler
133c21b801 Bugfixes and Rails Edge
Update to Rails 2.3.1.
  (Actually, not quite. Doesn't look like 2.3.1 will be released
   today, but I REALLY want to push these bugfixes out.)
Removed bundled Rack (Rails 2.3.1 comes bundled with Rack 1.0).
Add
     config.action_view.cache_template_loading = true
  to production environment.
Fix FastCGI bug (http://rubyforge.org/tracker/index.php?func=detail&aid=24191&group_id=186&atid=783).
Fix WikiWords bug (http://rubyforge.org/pipermail/instiki-users/2009-February/001181.html).
2009-02-27 19:23:00 -06:00
Jacques Distler
7f2b16e78d File Upload Fixes
Dunno why this was buggered again. ":back" doesn't seem to function as it used to.
Also, when uploading a file from page "foo", it's important to return to "foo" after
a successful upload, rather than redirecting to the HomePage.

Finally, a favicon tweak.
2009-02-18 01:40:11 -06:00
Jacques Distler
4e14ccc74d Instiki 0.16.3: Rails 2.3.0
Instiki now runs on the Rails 2.3.0 Candidate Release.
Among other improvements, this means that it now 
automagically selects between WEBrick and Mongrel.

Just run

    ./instiki --daemon
2009-02-04 14:26:08 -06:00
Jacques Distler
2e81ca2d30 Rails 2.2.2
Updated to Rails 2.2.2.
Added a couple more Ruby 1.9 fixes, but that's pretty much at a standstill,
until one gets Maruku and HTML5lib working right under Ruby 1.9.
2008-11-24 15:53:39 -06:00
Jacques Distler
7600aef48b Upgrade to Rails 2.2.0
As a side benefit, fix an (non-user-visible) bug in display_s5().
Also fixed a bug where removing orphaned pages did not expire cached summary pages.
2008-10-27 01:47:01 -05:00
Jacques Distler
8d1d8a5693 Security: Response Splitting
Apply a patch to close the Response Splitting vulnerability in Rails.
See

   http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk
2008-10-20 14:22:17 -05:00
Jacques Distler
d4f97345db Rails 2.1.1
Among other things, a security fix.
2008-09-07 00:54:05 -05:00
Jacques Distler
516d6dfac0 Rails 2.1
Update to Rails 2.1 final.
2008-06-02 01:35:38 -05:00
Jacques Distler
5292899c9a Rails 2.1 RC1
Updated Instiki to Rails 2.1 RC1 (aka 2.0.991).
2008-05-17 23:22:34 -05:00
Jason Blevins
f1106428dc Included a test for page names with spaces.
Upgraded to Rails 2.0.2 routing code.  Kept the "old" CGI-style escaping rather than using URI.escape.
2007-12-24 16:02:14 -05:00
Jacques Distler
6873fc8026 Upgrade to Rails 2.0.2
Upgraded to Rails 2.0.2, except that we maintain

   vendor/rails/actionpack/lib/action_controller/routing.rb

from Rail 1.2.6 (at least for now), so that Routes don't change. We still
get to enjoy Rails's many new features.

Also fixed a bug in Chunk-handling: disable WikiWord processing in tags (for real this time).
2007-12-21 01:48:59 -06:00
Jacques Distler
207fb1f7f2 New Version
Sync with Latest Instiki Trunk.
Migrate to Rails 1.2.5.
Bump version number.
2007-10-15 12:16:54 -05:00
Jacques Distler
b0e316e37c Minor Fixes
Get rid of Redefined CONSTANT warning.
Make WEBrick respond to TERM signal. (Launchd, in particular, requires this.)
Rollback superfluous change to rails/actionpack/lib/action_controller/base.rb. Handled by the action_cache plugin.
2007-10-01 22:09:51 -05:00
Jacques Distler
457ec8627c ETag Support from Edge-Rails
Added ETag support from

   http://dev.rubyonrails.org/changeset/6158
2007-05-18 16:53:58 -05:00
Jacques Distler
9b9d134ad9 Fix upgrade to Rails 1.2.3.
Fix log-rotation (the previous attempt didn't quite work as advertised).
2007-03-21 15:37:29 -05:00
Jacques Distler
7adac51d6d Sync with latest Instiki trunk. Changes:
1) Upgrade Rails to 1.2.3
2) Revert RedCloth to previous version (who %#$@ cares?)
3) Preserve the Rails Security fix  to vendor/rails/actionpack/lib/action_controller/caching.rb from Revision 80.
2007-03-18 11:56:12 -05:00
Jacques Distler
46a456b3ad Security: ensure that the file system cache is not world-writable 2007-03-10 11:05:52 -06:00
Jacques Distler
bba0cf6b10 Ooops! Fixed upgrade of Rails. 2007-02-09 17:12:31 -06:00
Jacques Distler
c358389f25 TeX and CSS tweaks.
Sync with latest Instiki Trunk
(Updates Rails to 1.2.2)
2007-02-09 02:04:31 -06:00
Jacques Distler
69b62b6f33 Checkout of Instiki Trunk 1/21/2007. 2007-01-22 07:43:50 -06:00