X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/blobdiff_plain/b9f7a57f94b006f51253467f5c473700619c0fd5..1ecd251ffa28f851273654599f2d05c4bd552e16:/debian/changelog diff --git a/debian/changelog b/debian/changelog index 34c36c06e..8ad4ab502 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,4 +1,36 @@ -ikiwiki (1.45) UNRELEASED; urgency=low +ikiwiki (1.47) unstable; urgency=low + + * Fix a security hole that allowed insertion of unsafe content via the meta + plugins's support for inserting html link and meta tags. Now such content + is passed through the htmlscrubber like everything else. + * Unfortunatly, that means that some valid uses of those tags are no longer + usable, and special case methods needed to be added for including + stylesheets, and for doing openid delegation. If you use either of these + in your wiki, it will need to be modified. See the meta plugin docs + for details. + + -- Joey Hess Wed, 21 Mar 2007 14:05:00 -0400 + +ikiwiki (1.46) unstable; urgency=low + + * Fix a bug with inlined create page links, including Discussion links on + blog post pages. The links will now create pages relative to the page that + actually contains the link. + * French update. Closes: #414597 + * Fix some broken logic in cgi creation of a subpage when a toplevel page + with the same name already exists, and generally simplify the edit code. + * Make ikiwiki -verbose -setup with a setup file that enabled syslog logging + output the verbose build log to stdout, rather than to the syslog. + * Detect the case of two people independently creating the same page at the + same time, and let the second person resolve the conflict. + * Applied a patch from Michał to make the mercurial backend pass --quiet to + hg. + * Fix a security hole that allowed a web user to insert arbitrary html in + the title of a page due to missing escaping of titles in the meta plugin. + + -- Joey Hess Wed, 21 Mar 2007 01:51:30 -0400 + +ikiwiki (1.45) unstable; urgency=low * Allow for underscores to appear in page titles, if encoded appropriately (__95__) in filenames. Previously, all underscores were replaced with 
@@ -6,8 +38,30 @@ ikiwiki (1.45) UNRELEASED; urgency=low * Add "template" option to inline plugin to allow for use of customised templates. * Add titlepage template for inline plugin. - - -- Joey Hess Tue, 6 Mar 2007 14:16:21 -0500 + * Add preview parameter to preprocesser calls, use this rather than the + previous ugly hack used to avoid writing rss feeds in previews. + * Fix the img plugin to avoid overwriting images in previews. Instead it + does all the work to make sure the resizing works, and dummys up a resized + image using width and height attributes. + * Also fixes img preview display, the links were wrong in preview before. + * Add a sparkline plugin. + * Add a postsparkline plugin. + * The slash escaping when adding to a blog from the CGI was not working + since it ended up being double-escaped. Instead, just remove slashes. + * Fix some nasty issues with page name escaping during previewing + (introduced in 1.44). + * Add a table plugin, derived from the one written by Victor Moral. + * The underscore escaping support exposed a bug in edit links: Such links + were titlepage escaped in the urls, and then doubly escaped by the CGI + when editing. To fix this, I removed the titlepage escaping in the edit + urls. + * That means that *every edit link* on the wiki is potentially changed. + Rebuilding wikis on upgrade to this version therefore necessary; enabled + that in postinst. + * Correct a deadlock that could occur in post-commit if the aggregate plugin + was enabled and tried to lock the already locked wiki. + + -- Joey Hess Sat, 10 Mar 2007 21:11:05 -0500 ikiwiki (1.44) unstable; urgency=low
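Review bot: in the first hunk (@@ -1,4 +1,36 @@), the new 1.47 and 1.46 headers both say urgency=low, yet each entry contains a "Fix a security hole" item: unsafe content inserted through the meta plugin's html link and meta tags in 1.47, and unescaped page titles in the meta plugin in 1.46. Consider raising the urgency on both uploads so the header matches the content of the entry. The 1.47 entry also tells users of stylesheets or openid delegation that their wiki "will need to be modified" but only points at "the meta plugin docs"; naming the replacement methods in the entry itself would make it actionable from the changelog alone. Two spelling fixes in the same entry: "plugins's" should be "plugin's" and "Unfortunatly" should be "Unfortunately".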
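Review bot: in the second hunk (@@ -6,8 +38,30 @@), the item "Fix some nasty issues with page name escaping during previewing (introduced in 1.44)" does not say what the issues were or what a user of 1.44 would have seen. Escaping bugs are the kind of change readers scan a changelog for, so state the observable effect and whether it was limited to previews. The rebuild note a few lines later is documented only as "enabled that in postinst"; since the entry says *every edit link* may change, it should also say that wikis not upgraded through the package need a manual rebuild. Wording fixes: "preprocesser" should be "preprocessor", "dummys up" should be "dummies up", and "Rebuilding wikis on upgrade to this version therefore necessary" is missing "is".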