code.ivysaur.me/yatwiki
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: code.ivysaur.me:v3.0.1
Branches Tags
code.ivysaur.me:master
code.ivysaur.me:v3.3.1 code.ivysaur.me:v3.3.0 code.ivysaur.me:v3.2.0 code.ivysaur.me:v3.1.3 code.ivysaur.me:v3.1.2 code.ivysaur.me:v3.1.1 code.ivysaur.me:v3.1.0 code.ivysaur.me:v3.0.2 code.ivysaur.me:v3.0.1 code.ivysaur.me:v3.0.0
...
compare: code.ivysaur.me:v3.1.1
Branches Tags
code.ivysaur.me:master
code.ivysaur.me:v3.3.1 code.ivysaur.me:v3.3.0 code.ivysaur.me:v3.2.0 code.ivysaur.me:v3.1.3 code.ivysaur.me:v3.1.2 code.ivysaur.me:v3.1.1 code.ivysaur.me:v3.1.0 code.ivysaur.me:v3.0.2 code.ivysaur.me:v3.0.1 code.ivysaur.me:v3.0.0

10 Commits
v3.0.1 ... v3.1.1

Author SHA1 Message Date
mappu
2bc26c5966 bump version to 3.1.1 2017-10-15 20:01:59 +13:00
mappu
f5767db840 load contented without jquery, but it's present by the callback 2017-10-15 20:00:04 +13:00
mappu
edf88d1f31 doc: changelog update 2017-10-15 19:58:04 +13:00
mappu
262c3ba903 contented: update integration to 1.1.0 2017-10-15 19:56:03 +13:00
mappu
a260d102ee doc: update readme, bump version to 3.1.0 2017-10-08 17:09:15 +13:00
mappu
179617d058 contented integration 2017-10-08 17:08:26 +13:00
mappu
5347efb51a bump version to 3.0.3 2017-08-13 18:29:21 +12:00
mappu
e3cee5b94c doc: changelog update 2017-08-13 18:27:04 +12:00
mappu
e4cf02cde7 restructure error handling to prevent reflected XSS 2017-08-13 18:25:58 +12:00
mappu
06e5b4ddf9 bump version to 3.0.1 2017-08-13 18:07:29 +12:00
8 changed files with 59 additions and 14 deletions
Expand all files Collapse all files

2
Makefile
View File

@@ -2,7 +2,7 @@
# Makefile for YATWiki3 # Makefile for YATWiki3
# #
VERSION:=3.0.1 VERSION:=3.1.1
SOURCES:=Makefile \ SOURCES:=Makefile \
static \ static \

2
ServerOptions.go
View File

@@ -21,6 +21,7 @@ type ServerOptions struct {
ExternalBaseURL string ExternalBaseURL string
DeclareRSSLanguage string DeclareRSSLanguage string
DeclareRSSEmail string DeclareRSSEmail string
ContentedServer string
} }
func DefaultOptions() *ServerOptions { func DefaultOptions() *ServerOptions {
@@ -41,5 +42,6 @@ func DefaultOptions() *ServerOptions {
ExternalBaseURL: "http://127.0.0.1/", ExternalBaseURL: "http://127.0.0.1/",
DeclareRSSLanguage: "en-GB", DeclareRSSLanguage: "en-GB",
DeclareRSSEmail: `nobody@example.com`, DeclareRSSEmail: `nobody@example.com`,
ContentedServer: "",
} }
} }

10
_dist/README.txt
View File

@@ -14,6 +14,7 @@ As of the 3.0 release, YATWiki is now a standalone server instead of a PHP scrip
- IP-based ban system - IP-based ban system
- Article index, random article, download database backup - Article index, random article, download database backup
- Source code highlighting (thanks [url=https://github.com/isagalaev/highlight.js]highlight.js[/url]) - Source code highlighting (thanks [url=https://github.com/isagalaev/highlight.js]highlight.js[/url])
- Optional integration with `contented` for file/image uploads
Written in Golang, PHP Written in Golang, PHP
@@ -35,6 +36,15 @@ This package can be installed via go get: `go get code.ivysaur.me/yatwiki`
=CHANGELOG= =CHANGELOG=
2017-10-15 3.1.1
- Update `contented` integration (requires `contented` >= 1.1.0)
2017-10-08 3.1.0
- Feature: Support content upload to a `contented` server
2017-08-11 3.0.2
- Fix an issue with XSS prevention for web browsers other than Chrome
2017-08-11 3.0.1 2017-08-11 3.0.1
- Feature: New `TrustXForwardedFor` config option for usage behind reverse proxies - Feature: New `TrustXForwardedFor` config option for usage behind reverse proxies
- Fix an issue with article titles containing `+` - Fix an issue with article titles containing `+`

10
pageTemplate.go
View File

@@ -17,7 +17,9 @@ type pageTemplateOptions struct {
LoadCodeResources bool LoadCodeResources bool
DefaultPage string DefaultPage string
AllowDownload bool AllowDownload bool
SessionMessage template.HTML SessionMessage string
PageNotExistsError bool
PageNotExistsTarget string
} }
func DefaultPageTemplateOptions(opts *ServerOptions) *pageTemplateOptions { func DefaultPageTemplateOptions(opts *ServerOptions) *pageTemplateOptions {
@@ -105,6 +107,12 @@ function els(e,s){ // no js exec in innerHTML
{{end}} {{end}}
</div> </div>
<div class="content"> <div class="content">
{{if .PageNotExistsError}}
<div class="info">
No such article exists.
<a href="{{.BaseURL}}modify/{{.PageNotExistsTarget | pathcomponent}}">Click here</a> to create it.
</div>
{{end}}
{{if len .SessionMessage}} {{if len .SessionMessage}}
<div class="info">{{.SessionMessage}}</div> <div class="info">{{.SessionMessage}}</div>
{{end}} {{end}}

25
rErrors.go
View File

@@ -8,12 +8,8 @@ import (
"time" "time"
) )
func (this *WikiServer) noSuchArticleError(title string) template.HTML { func (this *WikiServer) serveErrorMessage(w http.ResponseWriter, err error) {
return template.HTML(`No such article exists. <a href="` + this.opts.ExpectBaseURL + `modify/` + template.HTMLEscapeString(url.PathEscape(title)) + `">Click here</a> to create it.`) this.serveErrorText(w, err.Error())
}
func (this *WikiServer) serveErrorMessage(w http.ResponseWriter, message error) {
this.serveErrorHTMLMessage(w, template.HTML(template.HTMLEscapeString(message.Error())))
} }
func (this *WikiServer) serveInternalError(w http.ResponseWriter, r *http.Request, e error) { func (this *WikiServer) serveInternalError(w http.ResponseWriter, r *http.Request, e error) {
@@ -21,8 +17,12 @@ func (this *WikiServer) serveInternalError(w http.ResponseWriter, r *http.Reques
http.Error(w, "An internal error occurred. Please ask an administrator to check the log file.", 500) http.Error(w, "An internal error occurred. Please ask an administrator to check the log file.", 500)
} }
func (this *WikiServer) serveErrorHTMLMessage(w http.ResponseWriter, msg template.HTML) { func (this *WikiServer) serveErrorText(w http.ResponseWriter, msg string) {
this.serveRedirect(w, this.opts.ExpectBaseURL+"view/"+url.PathEscape(this.opts.DefaultPage)+"?error="+url.QueryEscape(string(msg))) this.serveRedirect(w, this.opts.ExpectBaseURL+"view/"+url.PathEscape(this.opts.DefaultPage)+"?error="+url.QueryEscape(msg))
}
func (this *WikiServer) serveNoSuchArticle(w http.ResponseWriter, lookingFor string) {
this.serveRedirect(w, this.opts.ExpectBaseURL+"view/"+url.PathEscape(this.opts.DefaultPage)+"?notfound="+url.QueryEscape(lookingFor))
} }
func (this *WikiServer) serveRedirect(w http.ResponseWriter, location string) { func (this *WikiServer) serveRedirect(w http.ResponseWriter, location string) {
@@ -32,7 +32,14 @@ func (this *WikiServer) serveRedirect(w http.ResponseWriter, location string) {
func (this *WikiServer) servePageResponse(w http.ResponseWriter, r *http.Request, pto *pageTemplateOptions) { func (this *WikiServer) servePageResponse(w http.ResponseWriter, r *http.Request, pto *pageTemplateOptions) {
w.WriteHeader(200) w.WriteHeader(200)
pto.SessionMessage = template.HTML(r.URL.Query().Get("error")) // FIXME reflected XSS (although Chrome automatically blocks it..)
if noSuchArticleTarget, ok := r.URL.Query()["notfound"]; ok {
pto.PageNotExistsError = true
pto.PageNotExistsTarget = noSuchArticleTarget[0]
} else {
pto.SessionMessage = r.URL.Query().Get("error")
}
err := this.pageTmp.Execute(w, pto) err := this.pageTmp.Execute(w, pto)
if err != nil { if err != nil {

4
rHistory.go
View File

@@ -12,7 +12,7 @@ func (this *WikiServer) routeHistory(w http.ResponseWriter, r *http.Request, art
revs, err := this.db.GetRevisionHistory(articleTitle) revs, err := this.db.GetRevisionHistory(articleTitle)
if err != nil { if err != nil {
if err == sql.ErrNoRows { if err == sql.ErrNoRows {
this.serveErrorHTMLMessage(w, this.noSuchArticleError(articleTitle)) this.serveNoSuchArticle(w, articleTitle)
return return
} }
@@ -21,7 +21,7 @@ func (this *WikiServer) routeHistory(w http.ResponseWriter, r *http.Request, art
} }
if len(revs) == 0 { if len(revs) == 0 {
this.serveErrorHTMLMessage(w, this.noSuchArticleError(articleTitle)) this.serveNoSuchArticle(w, articleTitle)
return return
} }

18
rModify.go
View File

@@ -49,6 +49,24 @@ func (this *WikiServer) routeModify(w http.ResponseWriter, r *http.Request, arti
</label> </label>
<input type="submit" value="Save &raquo;"> <input type="submit" value="Save &raquo;">
| <a href="` + template.HTMLEscapeString(this.opts.ExpectBaseURL+`formatting`) + `" target="_blank">formatting&nbsp;help</a> | <a href="` + template.HTMLEscapeString(this.opts.ExpectBaseURL+`formatting`) + `" target="_blank">formatting&nbsp;help</a>
`
if len(this.opts.ContentedServer) > 0 {
content += `
<script type="text/javascript" src="` + this.opts.ContentedServer + `sdk.js"></script>
| <a href="javascript:;" id="open-contented-uploader">upload...</a>
<script type="text/javascript">
document.getElementById("open-contented-uploader").addEventListener("click", function() {
contented.init("#contentctr", function(items) {
for (var i = 0; i < items.length; ++i) {
$("#contentctr textarea").append(" " + contented.getPreviewURL(items[i]) + " ");
}
});
});
</script>
`
}
content += `
</div> </div>
<div id="contentctr"><textarea name="content">` + template.HTMLEscapeString(existingBody) + `</textarea></div> <div id="contentctr"><textarea name="content">` + template.HTMLEscapeString(existingBody) + `</textarea></div>
</form> </form>

2
rView.go
View File

@@ -19,7 +19,7 @@ func (this *WikiServer) routeView(w http.ResponseWriter, r *http.Request, articl
return return
} }
this.serveErrorHTMLMessage(w, this.noSuchArticleError(articleTitle)) this.serveNoSuchArticle(w, articleTitle)
return return
} }
this.serveErrorMessage(w, err) this.serveErrorMessage(w, err)