This release upgrades Instiki to Rails 2.3.4, which
patches two security holes in Rails. See
http://weblog.rubyonrails.org/2009/9/4/ruby-on-rails-2-3-4
There are also some new features, and the usual boatload
of bugfixes. See the CHANGELOG for details.
Should be to the published action. This
didn't work right for inter-web links.
(Reported by Mike Shulman)
Also, change some .length's to .size's
(for Andrew Stacey)
Web#files_path and Web#blatex_pngs_path now return Pathname objects.
Based on JHerdman's
5d1e8f420b
but requires several other changes to the code (which assumed a string).
Also, test for itex2MML 1.3.10 (you should update that too).
1. Ensure that "rollback" respects locked pages.
2. Expire revisions of an edited page. Use a before_save
hook to deal with the situation where a page's name
has been changed.
1) WEBrick should respond to TERM signals
(needed by MacOSX and, perhaps, others).
2) HTTP redirects for redirected pages should be 301's.
3) Add a flash message for redirection to "new" page
when the target of "show" action is not found.
Added the ability to rename existing pages.
[[!redirects Some Page Name]] redirects Wikilinks [[Some Page Name]] to
the current page (assuming "Some Page Name" does not exist).
Real pages trump redirects (though this may change, depending on
user feedback).
From Jason Blevins:
Create a "History" page for each wiki page.
Link to it, and to the "Diff" page from "Recently Revised".
Also, correct a bug in listing/deleting links to uploaded
video and audio files.
Add support, in the LaTeX export, for blackboard bold
digits and lowercase latin letters. If these are
present, LaTeX will
\usepackage{mathbbol}
N.B.: this uses the stmaryrd font for blackboard bold
letters, instead of the msbm font.
Tests included. (Yes, you need to update itex2MML as well.)
Using <object> and <embed> were forbidden for obvious
security reasons. Instiki now permits embedding video
via the HTML5 <video> element (Ogg/Theora encoded videos
only, with .ogg or .ogv extensions). You can even upload
videos with
[[foo.ogg:video]]
Instiki now support x-sendfile. See the Proxying page for
configuring Apache (with the x-sendfile module). Lighttpd
should work similarly.
Update Rails to latest Edge (hopefully converging on RC2!).
Dunno why this was buggered again. ":back" doesn't seem to function as it used to.
Also, when uploading a file from page "foo", it's important to return to "foo" after
a successful upload, rather than redirecting to the HomePage.
Finally, a favicon tweak.
A Maruku-syntax <div> with an unclosed IAL (and, it seems, at least one equation)
would cause Instiki to hang. Badly. Requiring a 'kill -9' to terminate it.
Reverting the OpenDiv and CloseDiv Regexps to my, more simple-minded, versions
fixes the problem.
Instiki now runs on the Rails 2.3.0 Candidate Release.
Among other improvements, this means that it now
automagically selects between WEBrick and Mongrel.
Just run
./instiki --daemon
On Webs with file uploads enabled, uploaded files were stored
(in version 0.16.1 and earlier) in the public/ directory.
This was a security threat. A miscreant could upload a .html file.
When a user clicked on the link to the file, it was opened (unsanitized)
in the browser.
As of version 0.16.2, uploaded files are stored in the webs/
directory. Now, when the user clicks on the link, the file is sent
with the
Content-Disposition: attachment
header set, which causes the file to be downloaded, rather than opened
in the browser. As always, files downloaded from the internets should be
treated with caution. At least, this way, they are not aoutomatically
opened in the browser.
To move your existing uploaded files to the new location, do a
rake upgrade_instiki
When a Web uses one of the Markdown Text Filters, and you export
all the pages as a zip file, you'd like the MathML and SVG to
render when the pages are viewed locally. This means saving them
with a .xhtml extension. Users of non-XHTML-capable browsers or
Textile users should still get .html files.
For the file_list action, include the pages which link to the given file(s).
This required rejiggering so that that information is actually retained in the database.
Unfortunately, you'll actually need to revise the page(s) in question, because that's the
only time this information is updated in the database.
Make this version (minimally) usable with Textile Markup:
For Webs with "Textile", "RDoc" or "Mixed" markup option selected,
send text/html instead of application/xhtml+xml. This makes this
software minimally usable with those markup dialects.
"Markdown+itex2MML", "Markdown+BlahTeX/PNG" and "Markdown" should work
as before, sending application/xhtml+xml to capable browsers.
Bump the version number.
Deleting a page removes all revisions of that page.
Deleting a Web removes all pages (and all revisions thereof)
and all wiki_files belonging to that Web.
In the Stylesheet Tweaks, the owner of a Web can specify an @import rule
to pull in CSS styles form an external file. This worked in the "show"
view, but was broken in the "published" view.
Fixed.
Also, update a functional test to match Revision 313.
Be a little gentler in recovering from Instiki::ValidationErrors, when saving a page.
Previously, we threw away all the user's changes upon the redirect. Now we attempt
to salvage what he wrote.
Update dnsbl_check plugin to latest version.
Update Maruku to latest version.
In the wiki_controller, only apply the dnsbl_check before_filter
to the :edit, :new, and :save actions, instead of all actions.
This makes mundane "show" requests faster, but does not
compromise spam-fighting ability.
Links to a published web should be to the 'publish' action, not to the
'show' action. Previously, the published status of the source, not the target
was used.
Also, correct display of the Navigation Links for the 'published' action.
Updated to Rails 2.2.2.
Added a couple more Ruby 1.9 fixes, but that's pretty much at a standstill,
until one gets Maruku and HTML5lib working right under Ruby 1.9.
Fix Session CookieOverflow bug when rescuing an InstikiValidation error.
Fix some random things which will cause problems with Ruby 1.9. (Plenty
more where those came from.)
Implement amsthm-like Theorem environments with Maruku.
Support is based on Maruku "div"s with special class-names.
Classes
num_*
produce numbered environments, and
un_*
produce un-numbered environments, where * is one of
theorem (for Theorem)
lemma (for Lemma)
prop (for Proposition)
cor (for Corollary)
def (for Definition)
example (for Example)
remark (for Remark)
note (for Note)
In addition, the class
proof
produces a Proof environment.
The LaTeX export works as expected, and these also work in the S5 view.
Bumped version number.
Make session secret persist across restarts. (Been meaning to do this for
a while: no more "stale cookie" warnings fter restarting the server.
Avoid cookie overflow in session store.
IE7+MathPlayer do *not* like the charset parameter to be set in the
Content-Type header. Forcing Rails to omit that parameter is surprisingly
difficult.
Start work (which may not pan out) on a new sanitizer. Right now, it passes
all but 1 of the HTML5lib Sanitizer's unit tests. But it doesn't do much
of anything to ensure well-formedness. This is not an issue for Maruku-processed
content, but it is a concern for <nowiki> blocks.
(One solution would be to use the HTML5lib parser on <nowiki> blocks.)
In any case, this baby is 3 times as fast as the HTML5lib sanitizer.
Previously, used a regexp to find and convert named entities in the content.
Now use a more efficient algorithm.
Similar tweak for converting NCRs before checking whether text is valid utf-8.
In each session, keep only the 30 most recent :form_keys generated by form_spam_protection.
This should be more than enough for ordinary usage, but prevents the session data from
becoming inordinately large.
Also, burnt-orange rulz!
Upgraded to Rails 2.0.2, except that we maintain
vendor/rails/actionpack/lib/action_controller/routing.rb
from Rail 1.2.6 (at least for now), so that Routes don't change. We still
get to enjoy Rails's many new features.
Also fixed a bug in Chunk-handling: disable WikiWord processing in tags (for real this time).
Put in dummy macros for \statusline and \toggle.
Added colour definitions for HTML named colours.
Remaining unimplemented:
\color{#HHH} and \color{#HHHHHH}
\bgcolor
\array
\righttoleftarrow
\lefttorightarrow
The file upload dialog asks for a description of the image or file to be uploaded. Use this as the default alt-text for the image and as a title attribute for a file link.
Apparently, the form_spam_protect plugin only works with HTTP POST, not GET.
Unsafe operations (save and file-upload) should be POSTs anyway.
Fixed.
Also, two broken tests fixed. Only two Unit Tests now fail: both are minor bugs in XHTMLDiff.
Added the remaining LaTeX macros from our list.
What remains is to decide on how to resolve the conflicting definitions of
\binom{}{}
and to supply suitable characters for
\righttoleftarrow
\lefttorightarrow
The plain TeX syntax {A \over B} is unsupported (passed through verbatim, and will cause a LaTeX error).
Get rid of Redefined CONSTANT warning.
Make WEBrick respond to TERM signal. (Launchd, in particular, requires this.)
Rollback superfluous change to rails/actionpack/lib/action_controller/base.rb. Handled by the action_cache plugin.
Fixed a bug in the HTML5lib tokenizer (affects S5 slideshows).
Some miscellaneous code cleanup. In particular, don't bother with zapping control characters;
instead, rely on is_utf8? method to raise an exception (which we do anyway).