doc: changelog update

restructure error handling to prevent reflected XSS
bump version to 3.0.1
2017-08-13 18:27:04 +12:00 · 2017-08-13 18:25:58 +12:00 · 2017-08-13 18:07:29 +12:00 · 2017-08-13 18:05:34 +12:00 · 2017-08-13 18:05:28 +12:00 · 2017-08-13 18:04:26 +12:00
24 changed files with 120 additions and 68 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -6,5 +6,5 @@ build/
 cmd/yatwiki-server/yatwiki-server
 # Development db files
-cmd/yatwiki-server/wiki.db
+cmd/yatwiki-server/*.db
 cmd/yatwiki-server/config.json
--- a/AuthorHash.go
+++ b/AuthorHash.go
@@ -1,4 +1,4 @@
-package yatwiki3
+package yatwiki
 import (
 	"crypto/md5"
@@ -11,8 +11,16 @@ func RemoteAddrToIPAddress(remoteAddr string) string {
 	return strings.TrimRight(strings.TrimRight(remoteAddr, `0123456789`), `:`) // trim trailing port; IPv4 and IPv6-safe
 }
-func Author(r *http.Request) string {
+func Author(r *http.Request, trustXForwardedFor bool) string {
 	userAgentHash := md5.Sum([]byte(r.UserAgent()))
-	return RemoteAddrToIPAddress(r.RemoteAddr) + "-" + hex.EncodeToString(userAgentHash[:])[:6]
+	ipAddress := RemoteAddrToIPAddress(r.RemoteAddr)
 	if trustXForwardedFor {
 		if xff := r.Header.Get("X-Forwarded-For"); len(xff) > 0 {
 			ipAddress = xff
 		}
 	}
 	return ipAddress + "-" + hex.EncodeToString(userAgentHash[:])[:6]
 }
--- a/DB.go
+++ b/DB.go
@@ -1,4 +1,4 @@
-package yatwiki3
+package yatwiki
 import (
 	"database/sql"
--- a/4
+++ b/4
@@ -2,7 +2,7 @@
 # Makefile for YATWiki3
 #
-VERSION:=3.0
+VERSION:=3.0.2
 SOURCES:=Makefile \
 	static \
@@ -34,7 +34,7 @@ clean:
 #
 staticResources.go: static/ static/*
-	go-bindata -o staticResources.go -prefix static -pkg yatwiki3 static
+	go-bindata -o staticResources.go -prefix static -pkg yatwiki static
 #
--- a/ServerOptions.go
+++ b/ServerOptions.go
@@ -1,4 +1,4 @@
-package yatwiki3
+package yatwiki
 import (
 	"time"
@@ -13,6 +13,7 @@ type ServerOptions struct {
 	DBFilePath           string
 	FaviconFilePath      string
 	AllowDBDownload      bool
 	TrustXForwardedFor   bool // Introduced in 3.0.1 - default false
 	RecentChanges        int
 	RecentChangesRSS     int
 	GzipCompressionLevel int
@@ -32,6 +33,7 @@ func DefaultOptions() *ServerOptions {
 		DBFilePath:           "wiki.db",
 		FaviconFilePath:      "", // no favicon
 		AllowDBDownload:      true,
 		TrustXForwardedFor:   false,
 		RecentChanges:        20,
 		RecentChangesRSS:     10,
 		GzipCompressionLevel: 9,
--- a/WikiServer.go
+++ b/WikiServer.go
@@ -1,4 +1,4 @@
-package yatwiki3
+package yatwiki
 import (
 	"database/sql"
@@ -37,7 +37,13 @@ func NewWikiServer(opts *ServerOptions) (*WikiServer, error) {
 		}
 	}
-	tmpl, err := template.New("yatwiki/page").Parse(pageTemplate)
+	tmpl := template.New("yatwiki/page")
 	tmpl.Funcs(map[string]interface{}{
 		"pathcomponent": func(s string) string {
 			return url.PathEscape(s)
 		},
 	})
 	_, err = tmpl.Parse(pageTemplate)
 	if err != nil {
 		return nil, err
 	}
@@ -128,7 +134,7 @@ func (this *WikiServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 			return
 		} else if remainingPath == "" {
-			this.serveRedirect(w, this.opts.ExpectBaseURL+`view/`+url.QueryEscape(this.opts.DefaultPage))
+			this.serveRedirect(w, this.opts.ExpectBaseURL+`view/`+url.PathEscape(this.opts.DefaultPage))
 			return
 		} else if remainingPath == "random" {
@@ -139,11 +145,11 @@ func (this *WikiServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 			}
 			chosenArticle := titles[rand.Intn(len(titles))]
-			this.serveRedirect(w, this.opts.ExpectBaseURL+`view/`+url.QueryEscape(chosenArticle))
+			this.serveRedirect(w, this.opts.ExpectBaseURL+`view/`+url.PathEscape(chosenArticle))
 			return
 		} else if strings.HasPrefix(remainingPath, "view/") {
-			articleTitle, err := url.QueryUnescape(remainingPath[len("view/"):])
+			articleTitle, err := url.PathUnescape(remainingPath[len("view/"):])
 			if err != nil {
 				this.serveErrorMessage(w, err)
 				return
@@ -152,7 +158,7 @@ func (this *WikiServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 			return
 		} else if strings.HasPrefix(remainingPath, "modify/") {
-			articleTitle, err := url.QueryUnescape(remainingPath[len("modify/"):])
+			articleTitle, err := url.PathUnescape(remainingPath[len("modify/"):])
 			if err != nil {
 				this.serveErrorMessage(w, err)
 				return
@@ -161,7 +167,7 @@ func (this *WikiServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 			return
 		} else if strings.HasPrefix(remainingPath, "history/") {
-			articleTitle, err := url.QueryUnescape(remainingPath[len("history/"):])
+			articleTitle, err := url.PathUnescape(remainingPath[len("history/"):])
 			if err != nil {
 				this.serveErrorMessage(w, err)
 				return
@@ -255,13 +261,13 @@ func (this *WikiServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 				return
 			}
-			err = this.db.SaveArticle(title, Author(r), body, int64(expectRev))
+			err = this.db.SaveArticle(title, Author(r, this.opts.TrustXForwardedFor), body, int64(expectRev))
 			if err != nil {
 				this.serveErrorMessage(w, err)
 				return
 			}
-			this.serveRedirect(w, this.opts.ExpectBaseURL+`view/`+url.QueryEscape(title))
+			this.serveRedirect(w, this.opts.ExpectBaseURL+`view/`+url.PathEscape(title))
 			return
 		}
--- a/_dist/README.txt
+++ b/_dist/README.txt
@@ -28,9 +28,23 @@ You can start YATWiki by running the binary. A default configuration file and da
        Bind address (default "127.0.0.1:80")
 `
 =GO GET=
 This package can be installed via go get: `go get code.ivysaur.me/yatwiki`
 [go-get]code.ivysaur.me/yatwiki git https://git.ivysaur.me/code.ivysaur.me/yatwiki.git[/go-get]
 =CHANGELOG=
-2017-07-11 v3.0
+2017-08-11 3.0.2
 - Fix an issue with XSS prevention for web browsers other than Chrome
 2017-08-11 3.0.1
 - Feature: New `TrustXForwardedFor` config option for usage behind reverse proxies
 - Fix an issue with article titles containing `+`
 - Fix an issue with `[html]` tags
 - Fix an issue with viewing history for unknown articles
 2017-07-11 3.0
 - YATWiki was rewritten in Go.
 - Enhancement: Standalone binary server
 - Enhancement: No longer requires cookies for error messages
@@ -43,11 +57,13 @@ You can start YATWiki by running the binary. A default configuration file and da
 - Fix a number of issues with handling of base URLs in links
 - Fix a cosmetic issue with file caching for CSS content
-2016-11-16 (no public release)
+2016-11-16 20161116
 - (no public release)
 - Enhancement: Always open the formatting help in a new tab
 - Fix a cosmetic issue with display of backslash characters caused by Meiryo font
-2016-08-24 (no public release)
+2016-08-24 20160824
 - (no public release)
 - Feature: Add Compare button to both top and bottom of article revision list
 - Fix an issue with noncompliant HTML when comparing diffs
--- a/bbcode.go
+++ b/bbcode.go
@@ -1,4 +1,4 @@
-package yatwiki3
+package yatwiki
 import (
 	"encoding/json"
@@ -45,10 +45,10 @@ func (this *BBCodeRenderer) bbcode(data string) string {
 		pregReplaceRule{regexp.MustCompile(`(?si)\[\*\]`), `</li><li>`, nil},
 		pregReplaceRule{regexp.MustCompile(`(?si)\[url=(.*?)\](.*?)\[/url\]`), `<a rel="noreferrer" href="$1">$2</a>`, nil},
 		pregReplaceRule{regexp.MustCompile(`(?si)\[article=(.*?)\](.*?)\[/article\]`), "", func(m []string) string {
-			return `<a href="` + template.HTMLEscapeString(this.baseUrl+`view/`+url.QueryEscape(m[1])) + `">` + m[2] + `</a>`
+			return `<a href="` + template.HTMLEscapeString(this.baseUrl+`view/`+url.PathEscape(m[1])) + `">` + m[2] + `</a>`
 		}},
 		pregReplaceRule{regexp.MustCompile(`(?si)\[rev=(.*?)\](.*?)\[/rev\]`), "", func(m []string) string {
-			return `<a href="` + template.HTMLEscapeString(this.baseUrl+`archive/`+url.QueryEscape(m[1])) + `">` + m[2] + `</a>`
+			return `<a href="` + template.HTMLEscapeString(this.baseUrl+`archive/`+url.PathEscape(m[1])) + `">` + m[2] + `</a>`
 		}},
 		pregReplaceRule{regexp.MustCompile(`(?si)\[imgur\](.*?)\.(...)\[/imgur\]`),
@@ -177,7 +177,7 @@ func (this *BBCodeRenderer) displayfmt(s string) string {
 		}
 		epos += spos
-		jsonInnerContent, _ := json.Marshal(s[spos : epos-spos])
+		jsonInnerContent, _ := json.Marshal(s[spos:epos])
 		ret += `<div class="html"><a href="javascript:;" onclick="` + template.HTMLEscapeString(`els(this, `+string(jsonInnerContent)+`);`) + `">` + this.DynamicContentWarning + `</a></div>`
 		hpos = epos + 7
--- a/cmd/yatwiki-server/main.go
+++ b/cmd/yatwiki-server/main.go
@@ -8,7 +8,7 @@ import (
 	"net/http"
 	"os"
-	"code.ivysaur.me/yatwiki3"
+	"code.ivysaur.me/yatwiki"
 )
 func main() {
@@ -17,13 +17,13 @@ func main() {
 	configPath := flag.String("config", "config.json", "Configuration file")
 	flag.Parse()
-	opts := yatwiki3.ServerOptions{}
+	opts := yatwiki.ServerOptions{}
 	cfg, err := ioutil.ReadFile(*configPath)
 	if err != nil {
 		if os.IsNotExist(err) {
-			opts = *yatwiki3.DefaultOptions()
+			opts = *yatwiki.DefaultOptions()
 			if cfg, err := json.MarshalIndent(opts, "", "\t"); err == nil {
 				err := ioutil.WriteFile(*configPath, cfg, 0644)
 				if err != nil {
@@ -43,7 +43,7 @@ func main() {
 		}
 	}
-	ws, err := yatwiki3.NewWikiServer(&opts)
+	ws, err := yatwiki.NewWikiServer(&opts)
 	if err != nil {
 		fmt.Fprintln(os.Stderr, err.Error())
 		os.Exit(1)
--- a/gzflate.go
+++ b/gzflate.go
@@ -1,4 +1,4 @@
-package yatwiki3
+package yatwiki
 import (
 	"bytes"
--- a/pageTemplate.go
+++ b/pageTemplate.go
@@ -1,4 +1,4 @@
-package yatwiki3
+package yatwiki
 import (
 	"fmt"
@@ -17,7 +17,9 @@ type pageTemplateOptions struct {
 	LoadCodeResources    bool
 	DefaultPage          string
 	AllowDownload        bool
-	SessionMessage       template.HTML
+	SessionMessage       string
 	PageNotExistsError   bool
 	PageNotExistsTarget  string
 }
 func DefaultPageTemplateOptions(opts *ServerOptions) *pageTemplateOptions {
@@ -85,13 +87,13 @@ function els(e,s){ // no js exec in innerHTML
 	</head>
 	<body>
 		<div class="header">
-			<a href="{{.BaseURL}}view/{{.DefaultPage | urlquery}}" title="Home"><div class="sprite hm"></div></a>
+			<a href="{{.BaseURL}}view/{{.DefaultPage | pathcomponent}}" title="Home"><div class="sprite hm"></div></a>
 			<a href="javascript:;" onclick="tid('spm');tid('tr1');tid('tr2');" title="Menu"><div class="sprite sp"></div></a>
-			<a href="{{.BaseURL}}modify/{{.NewArticleTitle | urlquery}}" title="New Page"><div class="sprite nw"></div></a>
+			<a href="{{.BaseURL}}modify/{{.NewArticleTitle | pathcomponent}}" title="New Page"><div class="sprite nw"></div></a>
 {{if .CurrentPageIsArticle }}
 			<div class="sep"></div>
-			<a href="{{.BaseURL}}history/{{.CurrentPageName | urlquery}}" title="Page History"><div class="sprite hs"></div></a>
+			<a href="{{.BaseURL}}history/{{.CurrentPageName | pathcomponent}}" title="Page History"><div class="sprite hs"></div></a>
-			<a href="{{.BaseURL}}modify/{{.CurrentPageName | urlquery}}" title="Modify Page"><div class="sprite ed"></div></a>
+			<a href="{{.BaseURL}}modify/{{.CurrentPageName | pathcomponent}}" title="Modify Page"><div class="sprite ed"></div></a>
 {{end}}
 		</div>
 		<div id="tr1" style="display:none;"></div>
@@ -105,6 +107,12 @@ function els(e,s){ // no js exec in innerHTML
 {{end}}
 		</div>
 		<div class="content">
 {{if .PageNotExistsError}}
 			<div class="info">
 				No such article exists.
 				<a href="{{.BaseURL}}modify/{{.PageNotExistsTarget | pathcomponent}}">Click here</a> to create it.
 			</div>
 {{end}}
 {{if len .SessionMessage}}
 			<div class="info">{{.SessionMessage}}</div>
 {{end}}
--- a/rArchive.go
+++ b/rArchive.go
@@ -1,4 +1,4 @@
-package yatwiki3
+package yatwiki
 import (
 	"database/sql"
@@ -30,7 +30,7 @@ func (this *WikiServer) routeArchive(w http.ResponseWriter, r *http.Request, rev
 		`<div class="info">`+
 			`You are viewing specific revision of this page, last modified `+
 			time.Unix(a.Modified, 0).In(this.loc).Format(this.opts.DateFormat)+`. `+
-			`Click <a href="`+template.HTMLEscapeString(this.opts.ExpectBaseURL+`view/`+url.QueryEscape(a.Title))+`">here</a> to see the latest revision.`+
+			`Click <a href="`+template.HTMLEscapeString(this.opts.ExpectBaseURL+`view/`+url.PathEscape(a.Title))+`">here</a> to see the latest revision.`+
 			`</div>`,
 	) + bcr.RenderHTML(string(a.Body))
 	pto.LoadCodeResources = bcr.CodePresent
--- a/rDiff.go
+++ b/rDiff.go
@@ -1,4 +1,4 @@
-package yatwiki3
+package yatwiki
 import (
 	"bytes"
@@ -8,7 +8,7 @@ import (
 	"html/template"
 	"net/http"
-	"code.ivysaur.me/yatwiki3/diff"
+	"code.ivysaur.me/yatwiki/diff"
 )
 func (this *WikiServer) routeDiff(w http.ResponseWriter, r *http.Request, oldRev, newRev int) {
--- a/rErrors.go
+++ b/rErrors.go
@@ -1,4 +1,4 @@
-package yatwiki3
+package yatwiki
 import (
 	"html/template"
@@ -8,12 +8,8 @@ import (
 	"time"
 )
-func (this *WikiServer) noSuchArticleError(title string) template.HTML {
+func (this *WikiServer) serveErrorMessage(w http.ResponseWriter, err error) {
-	return template.HTML(`No such article exists. <a href="` + this.opts.ExpectBaseURL + `modify/` + template.HTMLEscapeString(url.QueryEscape(title)) + `">Click here</a> to create it.`)
+	this.serveErrorText(w, err.Error())
 }
 func (this *WikiServer) serveErrorMessage(w http.ResponseWriter, message error) {
 	this.serveErrorHTMLMessage(w, template.HTML(template.HTMLEscapeString(message.Error())))
 }
 func (this *WikiServer) serveInternalError(w http.ResponseWriter, r *http.Request, e error) {
@@ -21,8 +17,12 @@ func (this *WikiServer) serveInternalError(w http.ResponseWriter, r *http.Reques
 	http.Error(w, "An internal error occurred. Please ask an administrator to check the log file.", 500)
 }
-func (this *WikiServer) serveErrorHTMLMessage(w http.ResponseWriter, msg template.HTML) {
+func (this *WikiServer) serveErrorText(w http.ResponseWriter, msg string) {
-	this.serveRedirect(w, this.opts.ExpectBaseURL+"view/"+url.QueryEscape(this.opts.DefaultPage)+"?error="+url.QueryEscape(string(msg)))
+	this.serveRedirect(w, this.opts.ExpectBaseURL+"view/"+url.PathEscape(this.opts.DefaultPage)+"?error="+url.QueryEscape(msg))
 }
 func (this *WikiServer) serveNoSuchArticle(w http.ResponseWriter, lookingFor string) {
 	this.serveRedirect(w, this.opts.ExpectBaseURL+"view/"+url.PathEscape(this.opts.DefaultPage)+"?notfound="+url.QueryEscape(lookingFor))
 }
 func (this *WikiServer) serveRedirect(w http.ResponseWriter, location string) {
@@ -32,7 +32,14 @@ func (this *WikiServer) serveRedirect(w http.ResponseWriter, location string) {
 func (this *WikiServer) servePageResponse(w http.ResponseWriter, r *http.Request, pto *pageTemplateOptions) {
 	w.WriteHeader(200)
-	pto.SessionMessage = template.HTML(r.URL.Query().Get("error")) // FIXME reflected XSS (although Chrome automatically blocks it..)
+
 	if noSuchArticleTarget, ok := r.URL.Query()["notfound"]; ok {
 		pto.PageNotExistsError = true
 		pto.PageNotExistsTarget = noSuchArticleTarget[0]
 	} else {
 		pto.SessionMessage = r.URL.Query().Get("error")
 	}
 	err := this.pageTmp.Execute(w, pto)
 	if err != nil {
@@ -46,5 +53,5 @@ func (this *WikiServer) formatTimestamp(m int64) string {
 }
 func (this *WikiServer) viewLink(articleTitle string) template.HTML {
-	return template.HTML(`&quot;<a href="` + template.HTMLEscapeString(this.opts.ExpectBaseURL+`view/`+url.QueryEscape(articleTitle)) + `">` + template.HTMLEscapeString(articleTitle) + `</a>&quot;`)
+	return template.HTML(`&quot;<a href="` + template.HTMLEscapeString(this.opts.ExpectBaseURL+`view/`+url.PathEscape(articleTitle)) + `">` + template.HTMLEscapeString(articleTitle) + `</a>&quot;`)
 }
--- a/rFormatting.go
+++ b/rFormatting.go
@@ -1,4 +1,4 @@
-package yatwiki3
+package yatwiki
 import (
 	"net/http"
--- a/rHistory.go
+++ b/rHistory.go
@@ -1,4 +1,4 @@
-package yatwiki3
+package yatwiki
 import (
 	"database/sql"
@@ -12,7 +12,7 @@ func (this *WikiServer) routeHistory(w http.ResponseWriter, r *http.Request, art
 	revs, err := this.db.GetRevisionHistory(articleTitle)
 	if err != nil {
 		if err == sql.ErrNoRows {
-			this.serveErrorHTMLMessage(w, this.noSuchArticleError(articleTitle))
+			this.serveNoSuchArticle(w, articleTitle)
 			return
 		}
@@ -20,12 +20,17 @@ func (this *WikiServer) routeHistory(w http.ResponseWriter, r *http.Request, art
 		return
 	}
 	if len(revs) == 0 {
 		this.serveNoSuchArticle(w, articleTitle)
 		return
 	}
 	pto := DefaultPageTemplateOptions(this.opts)
 	pto.CurrentPageName = articleTitle
 	pto.CurrentPageIsArticle = true
 	content := `<h2>Page History</h2><br>` +
-		`<em>There have been ` + fmt.Sprintf("%d", len(revs)) + ` edits to the page &quot;<a href="` + template.HTMLEscapeString(this.opts.ExpectBaseURL+`view/`+url.QueryEscape(articleTitle)) + `">` + template.HTMLEscapeString(articleTitle) + `</a>&quot;.</em>` +
+		`<em>There have been ` + fmt.Sprintf("%d", len(revs)) + ` edits to the page &quot;<a href="` + template.HTMLEscapeString(this.opts.ExpectBaseURL+`view/`+url.PathEscape(articleTitle)) + `">` + template.HTMLEscapeString(articleTitle) + `</a>&quot;.</em>` +
 		`<br><br>` +
 		`<form method="GET" action="` + template.HTMLEscapeString(this.opts.ExpectBaseURL+`diff`) + `">` +
 		`<table>`
--- a/rIndex.go
+++ b/rIndex.go
@@ -1,4 +1,4 @@
-package yatwiki3
+package yatwiki
 import (
 	"fmt"
@@ -22,7 +22,7 @@ func (this *WikiServer) routeIndex(w http.ResponseWriter, r *http.Request) {
 	content := fmt.Sprintf(`<h2>Article Index</h2><br><em>There are %d edits to %d pages.</em><br><br><ul>`, totalRevs, len(titles))
 	for _, title := range titles {
-		content += `<li><a href="` + template.HTMLEscapeString(this.opts.ExpectBaseURL+`view/`+url.QueryEscape(title)) + `">` + template.HTMLEscapeString(title) + `</a></li>`
+		content += `<li><a href="` + template.HTMLEscapeString(this.opts.ExpectBaseURL+`view/`+url.PathEscape(title)) + `">` + template.HTMLEscapeString(title) + `</a></li>`
 	}
 	content += `</ul>`
--- a/rModify.go
+++ b/rModify.go
@@ -1,4 +1,4 @@
-package yatwiki3
+package yatwiki
 import (
 	"database/sql"
@@ -32,7 +32,7 @@ func (this *WikiServer) routeModify(w http.ResponseWriter, r *http.Request, arti
 		pageTitleHTML = `Creating new article`
 		baseRev = 0
 	} else {
-		pageTitleHTML = `Editing article &quot;<a href="` + template.HTMLEscapeString(this.opts.ExpectBaseURL+`view/`+url.QueryEscape(articleTitle)) + `">` + template.HTMLEscapeString(articleTitle) + `</a>&quot;`
+		pageTitleHTML = `Editing article &quot;<a href="` + template.HTMLEscapeString(this.opts.ExpectBaseURL+`view/`+url.PathEscape(articleTitle)) + `">` + template.HTMLEscapeString(articleTitle) + `</a>&quot;`
 		baseRev = a.ID
 		existingBody = string(a.Body)
 	}
--- a/rRSS.go
+++ b/rRSS.go
@@ -1,4 +1,4 @@
-package yatwiki3
+package yatwiki
 import (
 	"fmt"
@@ -33,7 +33,7 @@ func (this *WikiServer) routeRecentChangesRSS(w http.ResponseWriter, r *http.Req
 			<author>` + template.HTMLEscapeString(this.opts.DeclareRSSEmail+` (`+this.opts.PageTitle+` `+a.Author+`)`) + `</author>
 			<pubDate>` + template.HTMLEscapeString(time.Unix(a.Modified, 0).In(this.loc).Format(time.RFC1123Z)) + `</pubDate>
 			<description>` + template.HTMLEscapeString(`
-				<a href="`+template.HTMLEscapeString(this.opts.ExternalBaseURL+`view/`+url.QueryEscape(a.Title))+`">latest version</a>
+				<a href="`+template.HTMLEscapeString(this.opts.ExternalBaseURL+`view/`+url.PathEscape(a.Title))+`">latest version</a>
 				|
 				<a href="`+template.HTMLEscapeString(this.opts.ExternalBaseURL+`archive/`+fmt.Sprintf("%d", a.ID))+`">revision `+fmt.Sprintf("%d", a.ID)+`</a>
 				|
--- a/rRawView.go
+++ b/rRawView.go
@@ -1,4 +1,4 @@
-package yatwiki3
+package yatwiki
 import (
 	"database/sql"
--- a/rRecentChanges.go
+++ b/rRecentChanges.go
@@ -1,4 +1,4 @@
-package yatwiki3
+package yatwiki
 import (
 	"errors"
@@ -41,7 +41,7 @@ func (this *WikiServer) routeRecentChanges(w http.ResponseWriter, r *http.Reques
 		`<table>`
 	for _, rev := range recents {
 		content += `<tr>` +
-			`<td><a href="` + template.HTMLEscapeString(this.opts.ExpectBaseURL+`view/`+url.QueryEscape(rev.Title)) + `">` + template.HTMLEscapeString(rev.Title) + `</a>` +
+			`<td><a href="` + template.HTMLEscapeString(this.opts.ExpectBaseURL+`view/`+url.PathEscape(rev.Title)) + `">` + template.HTMLEscapeString(rev.Title) + `</a>` +
 			` [<a href="` + template.HTMLEscapeString(this.opts.ExpectBaseURL+`archive/`+fmt.Sprintf("%d", rev.ID)) + `">a</a>]` +
 			`</td>` +
 			`<td>` + this.formatTimestamp(rev.Modified) + ` by ` + template.HTMLEscapeString(rev.Author) + `</td>` +
--- a/rView.go
+++ b/rView.go
@@ -1,4 +1,4 @@
-package yatwiki3
+package yatwiki
 import (
 	"database/sql"
@@ -15,11 +15,11 @@ func (this *WikiServer) routeView(w http.ResponseWriter, r *http.Request, articl
 			// If this was an old link, it might not be present.
 			// Redirect if possible
 			if len(articleTitle) > 0 && articleTitle[len(articleTitle)-1] == '/' {
-				this.serveRedirect(w, this.opts.ExpectBaseURL+"view/"+url.QueryEscape(articleTitle[0:len(articleTitle)-1]))
+				this.serveRedirect(w, this.opts.ExpectBaseURL+"view/"+url.PathEscape(articleTitle[0:len(articleTitle)-1]))
 				return
 			}
-			this.serveErrorHTMLMessage(w, this.noSuchArticleError(articleTitle))
+			this.serveNoSuchArticle(w, articleTitle)
 			return
 		}
 		this.serveErrorMessage(w, err)
--- a/regex.go
+++ b/regex.go
@@ -1,4 +1,4 @@
-package yatwiki3
+package yatwiki
 import (
 	"regexp"
--- a/staticResources.go
+++ b/staticResources.go
@@ -4,7 +4,7 @@
 // static/wiki.css
 // DO NOT EDIT!
-package yatwiki3
+package yatwiki
 import (
 	"bytes"
Author	SHA1	Message	Date
mappu	e3cee5b94c	doc: changelog update	2017-08-13 18:27:04 +12:00
mappu	e4cf02cde7	restructure error handling to prevent reflected XSS	2017-08-13 18:25:58 +12:00
mappu	06e5b4ddf9	bump version to 3.0.1	2017-08-13 18:07:29 +12:00
mappu	dbf5e1b246	gitignore	2017-08-13 18:05:34 +12:00
mappu	fbad854279	doc: preliminary changelog update	2017-08-13 18:05:28 +12:00
mappu	d78429129f	also use path escaping function for whole-template links	2017-08-13 18:04:26 +12:00
mappu	d937ea6562	prevent viewing history for unknown articles	2017-08-13 17:58:01 +12:00
mappu	884acd3040	remove debugging code	2017-08-13 17:53:21 +12:00
mappu	e515d73052	use PathEscape instead of QueryEscape for titles in URLs	2017-08-13 17:51:44 +12:00
mappu	c87eaa637a	doc: preliminary changelog update	2017-08-13 17:33:27 +12:00
mappu	043720a086	new TrustXForwardedFor option	2017-08-13 17:32:54 +12:00
mappu	a12af6967c	fix crash with [html] tags	2017-08-13 17:28:44 +12:00
mappu	9792c262a2	readme: fix version tags for download alignment on website	2017-08-13 13:52:40 +12:00
mappu	6d9079e1dc	doc: update git repo in docs	2017-07-12 18:46:49 +12:00
mappu	1c4505a2d9	rename package yatwiki3->yatwiki	2017-07-12 18:43:11 +12:00
mappu	11a4f97212	bump all versions to 3.0.1	2017-07-12 18:41:39 +12:00
mappu	74b3124997	doc: add 'go get' information to readme	2017-07-11 20:23:17 +12:00