Commit graph

81 commits

Author SHA1 Message Date
Jacques Distler 94476d9865 More Tests
Enable unit tests for the HTML5lib Sanitizer (used in the <nowiki>
environment).
2009-01-05 22:13:09 -06:00
Jacques Distler 52c1f74ecc Add a couple of XSS tests.
Some more tests from Clint Ruoho. The main branch of Instiki (and, I guess,
the old sanitizer) are vulnerable.

Also: under Ruby 1.8.x, CGI.unescapeHTML screws up horribly decoding NCRs
which represent high-bit ASCII characters. UTF-8 agrees with 7-bit ASCII,
but CGI.unescapeHTML doesn't seem to know that they disagree for i>127.
2009-01-05 16:25:27 -06:00
Jacques Distler bdcb506418 Two Bugs
1) Orphaned pages in a Category were not being listed correctly
2) "list" view was not being expired correctly on deletion of orphaned pages.
2009-01-01 02:38:12 -06:00
Jacques Distler c3c33b68dd Multiple leading capital letters in a WikiWord
CMyApp  is a WikiWord (at least, on other Wiki systems, like TWiki).
Should allow that here

Also, choose a more obscure name for the thread-local variable tracking
included chunks.
2008-12-25 17:41:35 -06:00
Jacques Distler 61c3fb1ab9 Bump Version Number
Version 0.16

Also, allow Includes of single-letter pages.
2008-12-24 13:11:53 -06:00
Jacques Distler 1b54b695c3 Single Letter WikiLinks
Another request from the old (and apparently defunct) Instiki Bug Tracker:
allow single letter WikiLinks, e.g. "[[a]]". Requested by a Japanese user.

Fixed.
2008-12-22 23:57:21 -06:00
Jacques Distler 1192f70f44 @import In Published View
In the Stylesheet Tweaks, the owner of a Web can specify an @import rule
to pull in CSS styles form an external file. This worked in the "show"
view, but was broken in the "published" view.

Fixed.

Also, update a functional test to match Revision 313.
2008-12-22 12:19:18 -06:00
Jacques Distler 8373befa0b Tests for Recursive Include Fix 2008-12-21 13:31:59 -06:00
Jacques Distler dcd3e63ae8 Nowiki Include
Previously,
   <nowiki>[[!include foo]]</nowiki>
would produce some garbage, like
   chunk18226682includechunk
instead of the desired rendered text,
   [[!include foo]]

Fixed.
2008-12-20 23:24:50 -06:00
Jacques Distler 7828d79d35 Password Mismatch
When setting a password for a Web (on the "Edit Web" page),
ensure that the password matches. Previously, the "verify"
field was a placebo.
2008-12-20 17:54:54 -06:00
Jacques Distler 1f816af24b Uploaded Pictures Should Display in "Published" Mode 2008-12-20 13:56:50 -06:00
Jacques Distler 3929fceaf8 Fix buglet in xhtmldiff
Fixes one of two formely broken unit tests.
2008-12-18 22:12:23 -06:00
Jacques Distler 8eb59105ea Fix a Functional Test
For inexplicable reasons, this test passes on my system, even though (as
previously written) it shouldn't. Fixed now.
2008-12-17 14:11:14 -06:00
Jacques Distler f842013243 Require required?
At least on some systems (not mine), it seems to be.
2008-12-17 10:38:34 -06:00
Jacques Distler 05b76f7625 Philip Taylor Freakout Edition
Doubtless, he would have been fleetingly ecstatic.
Alas, he a) probably doesn't subscribe to the bzr feed,
and b) is probably asleep at the moment.
2008-12-17 01:42:24 -06:00
Jacques Distler 5d2b0da4d5 Faster
Update dnsbl_check plugin to latest version.
Update Maruku to latest version.
In the wiki_controller, only apply the dnsbl_check before_filter 
  to the :edit, :new, and :save actions, instead of all actions.
  This makes mundane "show" requests faster, but does not 
  compromise spam-fighting ability.
2008-12-16 00:40:30 -06:00
Jacques Distler 34fcd7943a Some Tests
Some functional tests for 'delete orphaned pages by category'.
2008-12-07 00:24:25 -06:00
Jacques Distler 513b2b16c1 Better
Put the "safe" XHTML sanitization in lib/santize.rb, rather than in lib/chunks/nowiki.rb.
D'oh!
2008-12-01 10:29:46 -06:00
Jacques Distler 758325923f Fix another ill-Formedness hole
The html5lib sanitizer does not necessarily produce well-formed output.
Take some "bad" input, wrap it in a <nowiki> tag and -- bingo! -- you get
ill-formed output.

Fixed. (Though, probably, one should fix the html5lib sanitizer, instead.)
2008-11-30 21:44:52 -06:00
Jacques Distler 2e81ca2d30 Rails 2.2.2
Updated to Rails 2.2.2.
Added a couple more Ruby 1.9 fixes, but that's pretty much at a standstill,
until one gets Maruku and HTML5lib working right under Ruby 1.9.
2008-11-24 15:53:39 -06:00
Jacques Distler 1b69b148de More Ruby 1.9 Compatibility fixes
Still a long way to go, but these will help.
2008-11-12 09:47:24 -06:00
Jacques Distler daa12e575d Mo Better Exception Handling
A little more cleanup of Instiki's exception handling.
Add some tests.
2008-11-06 10:38:25 -06:00
Jacques Distler bceb1864df Fixes
Fix Session CookieOverflow bug when rescuing an InstikiValidation error.
Fix some random things which will cause problems with Ruby 1.9. (Plenty
more where those came from.)
2008-11-05 22:24:14 -06:00
Jacques Distler 39348c65c2 Make Andrea Happy
Use a counter, instead of rand() to aid in generating unique IDs in Maruku.
Add Unit test for the Theorem Environment.
2008-10-25 00:52:59 -05:00
Jacques Distler e48b000c11 Tweak from Ari Stern
Match Maruku Revision 184: change wrapper for embedded TeX in display equation from
a <div> to a <span>.
2008-10-23 22:44:53 -05:00
Jacques Distler 2fb41f12ce Automatic Theorem Numbering
Can now refer to numbered theorems by \ref{...}, as in LaTeX
2008-10-20 00:24:22 -05:00
Jacques Distler 34082fbf94 Theorem Environments
Implement amsthm-like Theorem environments with Maruku.
Support is based on Maruku "div"s with special class-names.
Classes
    num_*
produce numbered environments, and

    un_*

produce un-numbered environments, where * is one of

   theorem     (for Theorem)
   lemma       (for Lemma)
   prop        (for Proposition)
   cor         (for Corollary)
   def         (for Definition)
   example     (for Example)
   remark      (for Remark)
   note        (for Note)

In addition, the class

   proof

produces a Proof environment.

The LaTeX export works as expected, and these also work in the S5 view.

Bumped version number.
2008-10-17 16:26:17 -05:00
Jacques Distler d2c4c8737c Match itex2MML 1.3.6
Add support for \sslash macro.
2008-09-05 16:45:07 -05:00
Jacques Distler 867d4e8787 A Few More MIME-Type Tests 2008-08-20 22:35:41 -05:00
Jacques Distler 863d60c578 Fix IE7+MathPlayer Bug
IE7+MathPlayer do *not* like the charset parameter to be set in the
Content-Type header. Forcing Rails to omit that parameter is surprisingly
difficult.
2008-08-20 00:22:12 -05:00
Jacques Distler ca1e8de89c Minor Cleanups
Remove a no-longer-needed function.
&apos; -> &39;
Fix regexp for tag chunk.
2008-05-22 02:46:45 -05:00
Jacques Distler f6508de6dd Whoops!
In some circumstances, the new Sanitizer was double-escaping text nodes.
Fixed (with unit test).
2008-05-21 14:14:43 -05:00
Jacques Distler 45405fc97e New Sanitizer Goes Live
The new sanitizer seems to work well (cuts the time required
to produce the Instiki Atom feed in half). Our strategy is to
use HTML5lib for <nowiki> content, but to use the new sanitizer
for content that has been processed by Maruku (and hence is
well-formed).

The one broken unit test won't affect us (since it dealt with
very malformed HTML).
2008-05-21 02:06:31 -05:00
Jacques Distler 800880f382 Rough In New Sanitizer
Start work (which may not pan out) on a new sanitizer. Right now, it passes
all but 1 of the HTML5lib Sanitizer's unit tests. But it doesn't do much
of anything to ensure well-formedness. This is not an issue for Maruku-processed
content, but it is a concern for <nowiki> blocks.

(One solution would be to use the HTML5lib parser on <nowiki> blocks.)

In any case, this baby is 3 times as fast as the HTML5lib sanitizer.
2008-05-20 17:02:10 -05:00
Jacques Distler 5292899c9a Rails 2.1 RC1
Updated Instiki to Rails 2.1 RC1 (aka 2.0.991).
2008-05-17 23:22:34 -05:00
Jacques Distler 14afed5893 Test for Entity-handling 2008-05-17 15:02:16 -05:00
Jacques Distler 41346bf8bd Efficiency: Entity handling
Previously, used a regexp to find and convert named entities in the content.
Now use a more efficient algorithm.
Similar tweak for converting NCRs before checking whether text is valid utf-8.
2008-05-17 01:43:11 -05:00
Jacques Distler 5ca0760f7c Efficiency: Sanitize Once
Envoke the HTML5lib Sanitizer just once (when the content is finally rendered),
rather than each time it passes through the chunk-handler.
2008-05-15 01:22:13 -05:00
Jacques Distler cd5c19e530 Routes
Make remove_orphaned_pages work in a proxied situation.
Also, "fix" a busted functional test. I'm not happy with
 this one. We're enforcing plain-text titles (which, I think,
 is the correct thing to do), but sending them as type="html",
 which then requires double-encoding.
2008-05-03 19:02:56 -05:00
Jacques Distler 8243cf9289 Fix broken functional test
From Revision 223.
2008-03-13 20:09:23 -05:00
Jacques Distler 5dd0507acc Support svg:foreignObject
Fixes to the html5lib sanitizer and maruku to support the SVG <foreignObject> element.
Also update to the latest REXML.
2008-02-03 23:56:17 -06:00
Jacques Distler 5db9ddaf47 Fix Busted Functional Tests
Fix the functional tests busted by Revision 212.
Sync with latest HTML5lib.
2008-01-21 11:59:55 -06:00
Jacques Distler 6359d06ed1 Bug in Include Chunk-handler
Fix the chunk-handler for [[!include ...]] so that it behaves as expected.
2008-01-16 11:28:43 -06:00
Jacques Distler 4586614914 Misc Cleanup
Cleaned up some dependencies, and added a mime_types.yml file for Mongrel-compatibility.
2008-01-14 14:46:38 -06:00
Jacques Distler 38ae064b8a Bundle Latest REXML
Sam Ruby has been doing a bang-up job fixing the bugs in REXML.
Who knows when these improvements will trickle down to vendor distributions of Ruby.
In the meantime, let's bundle the latest version of REXML with Instiki.
We check the version number of the bundled REXML against that of the System REXML, and use whichever is later.
2008-01-11 23:53:29 -06:00
Jacques Distler ebc409e1a0 Ensure the_content REALLY is utf-8
Our check that the the_content was valid utf-8 was rather busted.
This one works right. In particular, we needed to expand NCRs before checking.
2008-01-03 15:27:03 -06:00
Jacques Distler c89aeb6665 Some Tests for Philip Taylor Phun 'n Games
Some tests for the illegal Unicode characters in search queries (and elsewhere).
2008-01-02 02:33:05 -06:00
Jason Blevins f1106428dc Included a test for page names with spaces.
Upgraded to Rails 2.0.2 routing code.  Kept the "old" CGI-style escaping rather than using URI.escape.
2007-12-24 16:02:14 -05:00
Jason Blevins feed609d86 Removed unneeded test dependencies. 2007-12-24 15:33:39 -05:00
Jacques Distler e74deb0cfb Unit test
Add a unit test for previous WikiWord fix.
2007-12-21 08:53:45 -06:00