ikiwiki.git
6 years ago How signinview handles the goto leak
http://anastigmatix.net/ [Sat, 25 Oct 2014 16:55:46 +0000 (12:55 -0400)] 
How signinview handles the goto leak

6 years ago Answer
spalax [Sat, 25 Oct 2014 16:17:16 +0000 (12:17 -0400)] 
Answer

6 years ago do=goto leaks page existence
http://anastigmatix.net/ [Fri, 24 Oct 2014 23:45:23 +0000 (19:45 -0400)] 
do=goto leaks page existence

6 years ago Patch submitted for contrib/ymlfront sticky-metadata issue.
http://anastigmatix.net/ [Fri, 24 Oct 2014 23:20:13 +0000 (19:20 -0400)] 
Patch submitted for contrib/ymlfront sticky-metadata issue.

6 years ago Update comment
fr33domlover [Fri, 24 Oct 2014 10:19:54 +0000 (06:19 -0400)] 
Update comment

6 years ago Command on compile plugin
fr33domlover [Fri, 24 Oct 2014 10:11:56 +0000 (06:11 -0400)] 
Command on compile plugin

6 years ago Feeling out how to present patch for review
http://anastigmatix.net/ [Fri, 24 Oct 2014 00:40:35 +0000 (20:40 -0400)] 
Feeling out how to present patch for review

6 years ago Merge branch 'master' of ssh://git.ikiwiki.info
Joey Hess [Thu, 23 Oct 2014 17:56:21 +0000 (13:56 -0400)] 
Merge branch 'master' of ssh://git.ikiwiki.info

6 years ago file bug
Joey Hess [Thu, 23 Oct 2014 17:55:29 +0000 (13:55 -0400)] 
file bug

6 years ago Forgot download link
spalax [Thu, 23 Oct 2014 14:40:14 +0000 (10:40 -0400)] 
Forgot download link

6 years ago Typos...
fr33domlover [Thu, 23 Oct 2014 11:16:26 +0000 (07:16 -0400)] 
Typos...

6 years ago (no commit message)
fr33domlover [Thu, 23 Oct 2014 11:15:55 +0000 (07:15 -0400)] 

6 years ago (no commit message)
fr33domlover [Thu, 23 Oct 2014 11:15:27 +0000 (07:15 -0400)] 

6 years ago wishlist: ask about using ikiwiki as ML
fr33domlover [Thu, 23 Oct 2014 11:14:16 +0000 (07:14 -0400)] 
wishlist: ask about using ikiwiki as ML

6 years ago wishlist
fr33domlover [Thu, 23 Oct 2014 11:13:19 +0000 (07:13 -0400)] 
wishlist

6 years ago Added a comment
smcv [Thu, 23 Oct 2014 08:06:51 +0000 (04:06 -0400)] 
Added a comment

6 years ago Added a comment
smcv [Thu, 23 Oct 2014 07:57:40 +0000 (03:57 -0400)] 
Added a comment

6 years ago Added a comment
openmedi [Wed, 22 Oct 2014 22:01:43 +0000 (18:01 -0400)] 
Added a comment

6 years ago Added a comment
fr33domlover [Wed, 22 Oct 2014 16:46:02 +0000 (12:46 -0400)] 
Added a comment

6 years ago New wishlist item - put /tags page in the basewiki?
fr33domlover [Wed, 22 Oct 2014 08:20:00 +0000 (11:20 +0300)] 
New wishlist item - put /tags page in the basewiki?

6 years ago (no commit message)
openmedi [Tue, 21 Oct 2014 01:11:53 +0000 (21:11 -0400)] 

6 years ago (no commit message)
openmedi [Tue, 21 Oct 2014 01:00:30 +0000 (21:00 -0400)] 

6 years ago Hadn't listed any drawbacks for the FastCGI Authorizer idea.
http://anastigmatix.net/ [Mon, 20 Oct 2014 23:58:54 +0000 (19:58 -0400)] 
Hadn't listed any drawbacks for the FastCGI Authorizer idea.

6 years ago Review request for: Let plugins influence what environment variables a wrapper will...
http://anastigmatix.net/ [Mon, 20 Oct 2014 23:07:13 +0000 (19:07 -0400)] 
Review request for: Let plugins influence what environment variables a wrapper will preserve

6 years ago Fix dangling link to branch I deleted after merge. Link instead to merged commits...
http://anastigmatix.net/ [Mon, 20 Oct 2014 22:39:55 +0000 (18:39 -0400)] 
Fix dangling link to branch I deleted after merge.  Link instead to merged commits in ikiwiki repo.

6 years ago Add ikiwiki-comment to shebang_scripts.
Amitai Schlair [Mon, 20 Oct 2014 18:20:41 +0000 (14:20 -0400)] 
Add ikiwiki-comment to shebang_scripts.

6 years ago Add missing build-depends on libcgi-formbuilder-perl, needed for t/relativity.t
Joey Hess [Mon, 20 Oct 2014 16:28:54 +0000 (12:28 -0400)] 
Add missing build-depends on libcgi-formbuilder-perl, needed for t/relativity.t

6 years ago add ikiwiki-comment program
Joey Hess [Mon, 20 Oct 2014 16:08:07 +0000 (12:08 -0400)] 
add ikiwiki-comment program

6 years ago bit on how inlinability isn't only bad
http://anastigmatix.net/ [Sun, 19 Oct 2014 21:48:47 +0000 (17:48 -0400)] 
bit on how inlinability isn't only bad

6 years ago Add link to the proposed wrapper generation patch
http://anastigmatix.net/ [Sun, 19 Oct 2014 21:37:46 +0000 (17:37 -0400)] 
Add link to the proposed wrapper generation patch

6 years ago initial description of signinview plugin
http://anastigmatix.net/ [Sun, 19 Oct 2014 21:07:15 +0000 (17:07 -0400)] 
initial description of signinview plugin

6 years ago more on caching behavior
http://anastigmatix.net/ [Sun, 19 Oct 2014 18:40:02 +0000 (14:40 -0400)] 
more on caching behavior

6 years ago make formatting more consistent
http://anastigmatix.net/ [Sun, 19 Oct 2014 18:17:03 +0000 (14:17 -0400)] 
make formatting more consistent

6 years ago discuss zoned-ikiwiki implementation approaches, including signinview plugin
http://anastigmatix.net/ [Sun, 19 Oct 2014 18:12:11 +0000 (14:12 -0400)] 
discuss zoned-ikiwiki implementation approaches, including signinview plugin

6 years ago it helps to distinguish some use cases
http://anastigmatix.net/ [Sun, 19 Oct 2014 17:32:52 +0000 (13:32 -0400)] 
it helps to distinguish some use cases

6 years ago also search
Amitai Schlair [Sun, 19 Oct 2014 17:13:07 +0000 (13:13 -0400)] 
also search

6 years ago start fleshing out "things that make zoned ikiwiki hard"
http://anastigmatix.net/ [Sun, 19 Oct 2014 17:09:33 +0000 (13:09 -0400)] 
start fleshing out "things that make zoned ikiwiki hard"

6 years ago sign previous
Amitai Schlair [Sun, 19 Oct 2014 17:08:13 +0000 (13:08 -0400)] 
sign previous

6 years ago Match word boundary (think "/usr/bin/perl5.18").
Amitai Schlair [Sun, 19 Oct 2014 16:59:53 +0000 (12:59 -0400)] 
Match word boundary (think "/usr/bin/perl5.18").

6 years ago (no commit message)
https://www.google.com/accounts/o8/id?id=AItOawlGzzISNi9sKsbbqyRjCZEecyypgaFV56U [Sun, 19 Oct 2014 16:04:48 +0000 (12:04 -0400)] 

6 years ago [patch], patch
https://www.google.com/accounts/o8/id?id=AItOawlGzzISNi9sKsbbqyRjCZEecyypgaFV56U [Sun, 19 Oct 2014 16:04:02 +0000 (12:04 -0400)] 
[patch], patch

6 years ago Added a comment
openmedi [Fri, 17 Oct 2014 17:23:13 +0000 (13:23 -0400)] 
Added a comment

6 years ago Remove space from perl shebang path.
Amitai Schlair [Fri, 17 Oct 2014 13:05:00 +0000 (09:05 -0400)] 
Remove space from perl shebang path.

6 years ago Disambiguate myself a bit (like that's needed).
Amitai Schlair [Fri, 17 Oct 2014 01:51:18 +0000 (21:51 -0400)] 
Disambiguate myself a bit (like that's needed).

6 years ago reformat
Simon McVittie [Fri, 17 Oct 2014 00:07:50 +0000 (01:07 +0100)] 
reformat

6 years ago news
Simon McVittie [Fri, 17 Oct 2014 00:01:53 +0000 (01:01 +0100)] 
news

6 years ago Merge remote-tracking branch 'refs/remotes/dgit/dgit/sid'
Simon McVittie [Thu, 16 Oct 2014 23:02:33 +0000 (00:02 +0100)] 
Merge remote-tracking branch 'refs/remotes/dgit/dgit/sid'

6 years ago release
Simon McVittie [Thu, 16 Oct 2014 22:28:35 +0000 (23:28 +0100)] 
release

6 years ago debian: fix some wrong paths in the copyright file
Simon McVittie [Thu, 16 Oct 2014 22:28:23 +0000 (23:28 +0100)] 
debian: fix some wrong paths in the copyright file

6 years ago debian: rename debian/link to debian/links so the intended symlinks appear
Simon McVittie [Thu, 16 Oct 2014 22:04:11 +0000 (23:04 +0100)] 
debian: rename debian/link to debian/links so the intended symlinks appear

6 years ago close a bug
Simon McVittie [Thu, 16 Oct 2014 22:03:48 +0000 (23:03 +0100)] 
close a bug

6 years ago Drop unused python-support dependency
Simon McVittie [Thu, 16 Oct 2014 21:48:09 +0000 (22:48 +0100)] 
Drop unused python-support dependency

6 years ago changelog so far
Simon McVittie [Thu, 16 Oct 2014 21:44:29 +0000 (22:44 +0100)] 
changelog so far

6 years ago build-depend on libcgi-pm-perl too, for tests
Simon McVittie [Thu, 16 Oct 2014 21:40:52 +0000 (22:40 +0100)] 
build-depend on libcgi-pm-perl too, for tests

6 years ago Explicitly depend on CGI.pm, which is no longer in Perl core
Simon McVittie [Thu, 16 Oct 2014 08:45:36 +0000 (09:45 +0100)] 
Explicitly depend on CGI.pm, which is no longer in Perl core

I was going to depend on the version that has CGI->param_fetch,
but that has been supported since 2.37, which is older than oldstable.

6 years ago IkiWiki::Plugin::openid: as a precaution, do not call non-coderefs
Amitai Schlair [Wed, 15 Oct 2014 22:52:43 +0000 (23:52 +0100)] 
IkiWiki::Plugin::openid: as a precaution, do not call non-coderefs

We're running under "use strict" here, so if CGI->param's array-context
misbehaviour passes an extra non-ref parameter, it shouldn't be executed
anyway... but it's as well to be safe.

[commit message added by smcv]

6 years ago Call CGI->param_fetch instead of CGI->param in array context
Amitai Schlair [Wed, 15 Oct 2014 21:32:02 +0000 (22:32 +0100)] 
Call CGI->param_fetch instead of CGI->param in array context

CGI->param has the misfeature that it is context-sensitive, and in
particular can expand to more than one scalar in function calls.
This led to a security vulnerability in Bugzilla, and recent versions
of CGI.pm will warn when it is used in this way.

In the situations where we do want to cope with more than one parameter
of the same name, CGI->param_fetch (which always returns an
array-reference) makes the intention clearer.

[commit message added by smcv]

6 years ago Make sure we do not pass multiple CGI parameters in function calls
Simon McVittie [Sat, 11 Oct 2014 08:28:22 +0000 (09:28 +0100)] 
Make sure we do not pass multiple CGI parameters in function calls

When CGI->param is called in list context, such as in function
parameters, it expands to all the potentially multiple values
of the parameter: for instance, if we parse query string a=b&a=c&d=e
and call func($cgi->param('a')), that's equivalent to func('b', 'c').
Most of the functions we're calling do not expect that.

I do not believe this is an exploitable security vulnerability in
ikiwiki, but it was exploitable in Bugzilla.

6 years ago Added a comment: It was an Apache problem...
https://www.google.com/accounts/o8/id?id=AItOawk8U772S3jDrZJCO0WA5WaDLjJv5mMl6Yw [Thu, 16 Oct 2014 14:57:26 +0000 (10:57 -0400)] 
Added a comment: It was an Apache problem...

6 years ago branch
smcv [Thu, 16 Oct 2014 12:11:52 +0000 (08:11 -0400)] 
branch

6 years ago comment
smcv [Thu, 16 Oct 2014 11:52:05 +0000 (07:52 -0400)] 
comment

6 years ago Replace PayPal and Flattr buttons with text links
Simon McVittie [Wed, 15 Oct 2014 20:56:11 +0000 (21:56 +0100)] 
Replace PayPal and Flattr buttons with text links

In particular, this avoids loading third-party resources from the
offline documentation (see
<https://lintian.debian.org/tags/privacy-breach-donation.html>).

6 years ago mention pagespec_alias patches
http://anastigmatix.net/ [Thu, 16 Oct 2014 02:53:41 +0000 (22:53 -0400)] 
mention pagespec_alias patches

6 years ago Added a comment
smcv [Wed, 15 Oct 2014 23:30:22 +0000 (19:30 -0400)] 
Added a comment

6 years ago Added a comment
smcv [Wed, 15 Oct 2014 23:26:52 +0000 (19:26 -0400)] 
Added a comment

6 years ago Added a comment
openmedi [Wed, 15 Oct 2014 18:49:16 +0000 (14:49 -0400)] 
Added a comment

6 years ago Added a comment
https://www.google.com/accounts/o8/id?id=AItOawlcaGfdn9Kye1Gc8aGb67PDVQW4mKbQD7E [Wed, 15 Oct 2014 13:43:25 +0000 (09:43 -0400)] 
Added a comment

6 years ago Added a comment
openmedi [Wed, 15 Oct 2014 12:33:40 +0000 (08:33 -0400)] 
Added a comment

6 years ago (no commit message)
https://www.google.com/accounts/o8/id?id=AItOawmbuZI4n1RsTe3Yeaqb5F-yhtR7a8BWEIE [Wed, 15 Oct 2014 04:18:10 +0000 (00:18 -0400)] 

6 years ago as usual, macports hasn't moved
Amitai Schlair [Tue, 14 Oct 2014 22:46:41 +0000 (18:46 -0400)] 
as usual, macports hasn't moved

6 years ago Added a comment
https://www.google.com/accounts/o8/id?id=AItOawlcaGfdn9Kye1Gc8aGb67PDVQW4mKbQD7E [Tue, 14 Oct 2014 22:41:59 +0000 (18:41 -0400)] 
Added a comment

6 years ago (no commit message)
https://www.google.com/accounts/o8/id?id=AItOawlobQ5j7hQVIGkwMWW3yKB_DWqthJcpnsQ [Tue, 14 Oct 2014 22:31:11 +0000 (18:31 -0400)] 

6 years ago Added a comment
https://www.google.com/accounts/o8/id?id=AItOawlcaGfdn9Kye1Gc8aGb67PDVQW4mKbQD7E [Tue, 14 Oct 2014 22:25:13 +0000 (18:25 -0400)] 
Added a comment

6 years ago one report suffices; not yet clear there's a bug
Amitai Schlair [Tue, 14 Oct 2014 22:19:09 +0000 (18:19 -0400)] 
one report suffices; not yet clear there's a bug

6 years ago (no commit message)
https://www.google.com/accounts/o8/id?id=AItOawk8U772S3jDrZJCO0WA5WaDLjJv5mMl6Yw [Tue, 14 Oct 2014 13:46:55 +0000 (09:46 -0400)] 

6 years ago (no commit message)
https://www.google.com/accounts/o8/id?id=AItOawk8U772S3jDrZJCO0WA5WaDLjJv5mMl6Yw [Tue, 14 Oct 2014 13:20:24 +0000 (09:20 -0400)] 

6 years ago clarify
Amitai Schlair [Mon, 13 Oct 2014 20:21:15 +0000 (16:21 -0400)] 
clarify

6 years ago findings and questions
Amitai Schlair [Mon, 13 Oct 2014 20:13:11 +0000 (16:13 -0400)] 
findings and questions

6 years ago Do not pass ignored sid parameter to checksessionexpiry
Simon McVittie [Sat, 11 Oct 2014 08:28:02 +0000 (09:28 +0100)] 
Do not pass ignored sid parameter to checksessionexpiry

checksessionexpiry's signature changed from
(CGI::Session, CGI->param('sid')) to (CGI, CGI::Session) in commit
985b229b, but editpage still passed the sid as a useless third
parameter, and this was later cargo-culted into remove, rename and
recentchanges.

6 years ago comments: don't log remote IP address for signed-in users
Simon McVittie [Sun, 12 Oct 2014 17:03:28 +0000 (18:03 +0100)] 
comments: don't log remote IP address for signed-in users

The intention was that signed-in users (for instance via httpauth,
passwordauth or openid) are already adequately identified, but
there's nothing to indicate who an anonymous commenter is unless
their IP address is recorded.

6 years ago google search plugin: use https for the search
Simon McVittie [Sun, 12 Oct 2014 16:57:14 +0000 (17:57 +0100)] 
google search plugin: use https for the search

6 years ago default User-Agent changed
smcv [Sun, 12 Oct 2014 16:49:24 +0000 (12:49 -0400)] 
default User-Agent changed

6 years ago Set default User-Agent to something that doesn't mention libwww-perl
Simon McVittie [Sat, 11 Oct 2014 08:43:34 +0000 (09:43 +0100)] 
Set default User-Agent to something that doesn't mention libwww-perl

It appears that both the open-source and proprietary rulesets for
ModSecurity default to blacklisting requests that say they are
from libwww-perl, presumably because some script kiddies use libwww-perl
and are too inept to set a User-Agent that is "too big to blacklist",
like Chrome or the iPhone browser or something. This seems doomed to
failure but whatever.

6 years ago removed
smcv [Sun, 12 Oct 2014 16:43:14 +0000 (12:43 -0400)] 
removed

6 years ago Added a comment
smcv [Sun, 12 Oct 2014 16:42:54 +0000 (12:42 -0400)] 
Added a comment

6 years ago help Markdown make a list
Amitai Schlair [Sun, 12 Oct 2014 16:42:13 +0000 (12:42 -0400)] 
help Markdown make a list

6 years ago Added a comment: fixed in a recent release, I think
https://www.google.com/accounts/o8/id?id=AItOawlcaGfdn9Kye1Gc8aGb67PDVQW4mKbQD7E [Sun, 12 Oct 2014 16:40:18 +0000 (12:40 -0400)] 
Added a comment: fixed in a recent release, I think

6 years ago (no commit message)
openmedi [Sun, 12 Oct 2014 16:06:59 +0000 (12:06 -0400)] 

6 years ago Replace shebang paths with the build-time $(PERL).
Amitai Schlair [Sun, 12 Oct 2014 15:08:13 +0000 (11:08 -0400)] 
Replace shebang paths with the build-time $(PERL).

On non-Debian systems, /usr/bin/perl might not be the best available
Perl interpreter. Use whichever perl was used to run Makefile.PL,
unless it was "/usr/bin/perl", in which case there's nothing to do.

6 years ago Extract test subs for each site. No change meant.
Amitai Schlair [Sun, 12 Oct 2014 13:30:31 +0000 (09:30 -0400)] 
Extract test subs for each site. No change meant.

6 years ago Extract run_cgi(). No functional change intended.
Amitai Schlair [Sun, 12 Oct 2014 04:01:09 +0000 (00:01 -0400)] 
Extract run_cgi(). No functional change intended.

6 years ago Extract check_generated_content(). Same output.
Amitai Schlair [Sat, 11 Oct 2014 13:52:21 +0000 (09:52 -0400)] 
Extract check_generated_content(). Same output.

6 years ago Extract check_cgi_mode_bits(). No change intended.
Amitai Schlair [Sat, 11 Oct 2014 01:17:39 +0000 (21:17 -0400)] 
Extract check_cgi_mode_bits(). No change intended.

6 years ago Extract thoroughly_rebuild(), a slight test change.
Amitai Schlair [Sat, 11 Oct 2014 00:40:24 +0000 (20:40 -0400)] 
Extract thoroughly_rebuild(), a slight test change.

I didn't try to parameterize when a test should fail when we can't
remove ikiwiki.cgi because there already isn't one. (Hooray, natural
language.) Instead, we stop worrying about it and always tolerate
ENOENT.

6 years ago Extract write_setup_file(). No functional change.
Amitai Schlair [Sat, 11 Oct 2014 00:25:54 +0000 (20:25 -0400)] 
Extract write_setup_file(). No functional change.

Test output differs only by the line numbers of the TODO items.

6 years ago (no commit message)
https://www.google.com/accounts/o8/id?id=AItOawmbuZI4n1RsTe3Yeaqb5F-yhtR7a8BWEIE [Fri, 10 Oct 2014 03:47:44 +0000 (23:47 -0400)] 

6 years ago clarify further
smcv [Thu, 9 Oct 2014 18:50:00 +0000 (14:50 -0400)] 
clarify further

6 years ago clarify
smcv [Thu, 9 Oct 2014 18:36:13 +0000 (14:36 -0400)] 
clarify

6 years ago That's not how that directive is used, and if you want to try stuff out please edit...
smcv [Thu, 9 Oct 2014 18:31:33 +0000 (14:31 -0400)] 
That's not how that directive is used, and if you want to try stuff out please edit the sandbox instead

This reverts commit 856819a733d90a2ca259a5a3b03cc5d84f72e931

6 years ago (no commit message)
https://www.google.com/accounts/o8/id?id=AItOawnquaJWYPCmQoY-kgn8wH1Ey7WOCB6zcRY [Thu, 9 Oct 2014 18:10:16 +0000 (14:10 -0400)]