This is the first post to this example blog. To add new posts, just add
files to the posts/ subdirectory, or use the web form.
+
+And is this ever edited again ? Looking for blog software and learning perl...
--- /dev/null
+I'd like to be able to use the Apache XBitHack to enable Server Side Includes on my site. Yes, it is possible to enable SSI by setting the page extension to .shtml, and that is what I am doing at the moment.
+However, the disadvantage of this approach is that the server does not give a LastModified header, which means that the content can't be cached. However, the way that I am using SSI is such that the main content of the page really is "last modified" when the page was last modified, so I'd like to be able to indicate that. And using the XBitHack - that is, setting the executable bit on the generated page - would enable me to do that.
+
+I gather from the [[security]] page that having the executable bit set on files is considered a security hole, but how big a hole would it be if I'm the only one editing the site? Is there a way, a somewhat safe way, of implementing XBitHack for IkiWiki?
+
+-- [[KathrynAndersen]]
* [pmate](http://pmate.nfshost.com)'s homepage and [blog](http://pmate.nfshost.com/blog/)
* [tychoish.com](http://tychoish.com/) - a blog/wiki mashup. blog posts are "rhizomes."
* [Martin Burmester](http://www.martin-burmester.de/)
-* [Øyvind A. Holm (sunny256)](http://www.sunbase.org)
+* [Øyvind A. Holm (sunny256)](http://www.sunbase.org) — Read my Ikiwiki praise [here](http://www.sunbase.org/blog/why_ikiwiki/).
Please feel free to add your own ikiwiki site!
-This plugin is still in development. Currently it does bring up the login page and the login page does, with proper credentials, log in the user, but the returning page goes to prefs. I have no idea why.
+This plugin has been abandoned while still in development. Currently it does bring up the login page and the login page does, with proper credentials, log in the user, but the returning page goes to prefs. I have no idea why. I decided to go in another direction so if someone wants to take over then please do so. Otherwise I have no problem if this page needs to be deleted. [[users/justint/]]
Place this code into a page:
upgrading to one of these versions if your wiki can be edited by third
parties.
-## javascript insertation via insufficient htmlscrubbing of comments
+## javascript insertion via insufficient htmlscrubbing of comments
Kevin Riggle noticed that it was not possible to configure
`htmlscrubber_skip` to scrub comments while leaving unscubbed the text
These problems were discovered on 12 November 2010 and fixed the same
hour with the release of ikiwiki 3.20101112. ([[!cve CVE-2010-1673]])
-## javascript insertation via insufficient checking in comments
+## javascript insertion via insufficient checking in comments
Dave B noticed that attempting to comment on an illegal page name could be
used for an XSS attack.
> whenever a page is posted or edited, and gets the changed content, it can
> simply scan it for urls (may have to htmlize first?), and send pings to
> all urls found. --[[Joey]]
+
+>> Is there any update on this? This would be highly useful and is the main reason why I am not using my blog more regularly, yet. (And yes, now that git-annex is doing everything I need and more, I thought I should revisit this one, as well). -- RichiH
sipb-www / ikiwiki.git / commitdiff
