Overview

Comment: /wikiedit can now be opened if the user has at least RdWiki permissions, primarily to allow access to the Sandbox for pikchr experimentation. A user without WrWiki still cannot save anything, and users without RdWiki cannot open it at all because it would give them access to the list of wiki pages, which they otherwise aren't privy to without RdWiki. Also added a RdWiki check to the internal wikiedit ajax routes, as those could have potentially leaked pages to unprivileged users who decoded their internal ajax interfaces.
SHA3-256: bff3df00b80ffe478b89cf2a143445cf
User & Date: stephan 2020-09-13 00:00:26
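As an added illustration, not code from Fossil itself: a stand-alone C model of the two gates this check-in changes (the ajax-route dispatcher and the /wikiedit page), followed by an exhaustive walk over the eight capability combinations. perm_t, ajax_gate(), wikiedit_gate() and editor_opens_without_rdwiki() are names chosen here; the three capability fields mirror g.perm.RdWiki, g.perm.WrWiki and g.perm.NewWiki as consulted in the diff below, and the branch structure follows the new-side lines of the diff.

```c
#include <stdio.h>

/* Capability bits modelled after the three g.perm fields the check-in
 * consults. This struct is an illustration, not Fossil's g.perm. */
typedef struct {
  int RdWiki;   /* may read wiki pages */
  int WrWiki;   /* may write wiki pages */
  int NewWiki;  /* may create new wiki pages */
} perm_t;

/* Ajax-route gate, in the order the check-in evaluates it: write routes
 * require WrWiki, read routes require RdWiki, then the CSRF test.
 * Returns the HTTP status that would be sent; 200 means "proceed". */
int ajax_gate(perm_t p, int bWriteMode, int csrfSafe){
  if( bWriteMode!=0 && p.WrWiki==0 ) return 403;   /* "Write permissions required." */
  if( bWriteMode==0 && p.RdWiki==0 ) return 403;   /* "Read-Wiki permissions required." */
  if( !csrfSafe ) return 403;                      /* "CSRF violation ..." */
  return 200;
}

/* /wikiedit page gate. page: -1 = sandbox, 0 = name with no stored page,
 * 1 = existing page; nameGiven==0 means no name parameter at all.
 * Returns 1 if the editor opens, 0 if login_needed() would be called. */
int wikiedit_gate(perm_t p, int nameGiven, int page){
  if( !nameGiven ) return p.RdWiki;   /* no name: editor shows the page list */
  if( page<0 ) return p.RdWiki;       /* sandbox */
  if( page>0 ) return p.RdWiki;       /* existing page */
  return p.NewWiki;                   /* unused name: new-page path */
}

/* Walk every capability combination and count how often the editor opens
 * for a user who lacks RdWiki. The commit message implies this is zero. */
int editor_opens_without_rdwiki(void){
  int n = 0;
  for(int mask=0; mask<8; mask++){
    perm_t p = { mask&1, (mask>>1)&1, (mask>>2)&1 };
    if( p.RdWiki ) continue;
    if( wikiedit_gate(p, 0, 0) ) n++;             /* page list */
    for(int page=-1; page<=1; page++){
      if( wikiedit_gate(p, 1, page) ) n++;        /* sandbox, new, existing */
    }
  }
  return n;
}

int main(void){
  perm_t reader = {1,0,0}, creator = {0,0,1};
  printf("reader on read route:  %d\n", ajax_gate(reader, 0, 1));
  printf("reader on write route: %d\n", ajax_gate(reader, 1, 1));
  printf("creator opens editor for unused name: %d\n", wikiedit_gate(creator, 1, 0));
  printf("editor opens without RdWiki in %d case(s)\n", editor_opens_without_rdwiki());
  return 0;
}
```

Running it shows the page gate opening the editor in two combinations that lack RdWiki (NewWiki set, with or without WrWiki), both via the new-page path, while the ajax read gate never admits such a user; that asymmetry between the page-level and route-level rules is the thing to reconcile when reviewing the diff.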
Context

2020-09-13
  00:14  Sitemap: pointed wiki Sandbox at /wikiedit, instead of /wiki, to account for recent sandbox-handling changes. Added a Pikchr Sandbox (/pikchrshow) link under the Wiki section. (check-in: 27a26bb4 user: stephan tags: trunk)
  00:00  This check-in; comment as shown above. (check-in: bff3df00 user: stephan tags: trunk)
2020-09-12
  23:26  Adapted pikchrshow raw SVG preview to account for pikchr output containing an outer DIV. Resolves (for me, anyway) Inkscape import problem reported in the forum. (check-in: 2ffd9dd1 user: stephan tags: trunk)
Changes
Changes to src/wiki.c.
︙ | ︙ | |||
1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 | ajax_route_error(404,"Ajax route not found."); return; } login_check_credentials(); if( pRoute->bWriteMode!=0 && g.perm.WrWiki==0 ){ ajax_route_error(403,"Write permissions required."); return; }else if(0==cgi_csrf_safe(pRoute->bPost)){ ajax_route_error(403, "CSRF violation (make sure sending of HTTP " "Referer headers is enabled for XHR " "connections)."); return; } | > > > | 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 | ajax_route_error(404,"Ajax route not found."); return; } login_check_credentials(); if( pRoute->bWriteMode!=0 && g.perm.WrWiki==0 ){ ajax_route_error(403,"Write permissions required."); return; }else if( pRoute->bWriteMode==0 && g.perm.RdWiki==0 ){ ajax_route_error(403,"Read-Wiki permissions required."); return; }else if(0==cgi_csrf_safe(pRoute->bPost)){ ajax_route_error(403, "CSRF violation (make sure sending of HTTP " "Referer headers is enabled for XHR " "connections)."); return; } |
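Review bot: the added RdWiki gate (new lines 1076-1078) fires only when `pRoute->bWriteMode==0`, so a write-mode route is admitted on WrWiki alone and the commit message's rule that users without RdWiki cannot reach the wiki routes holds here only if WrWiki implies RdWiki in the capability model. If any write-mode route also returns page content, it is not covered by this check. Consider an unconditional read gate ahead of the write gate, e.g. `if( g.perm.RdWiki==0 ){ ajax_route_error(403,"Read-Wiki permissions required."); return; }` followed by the existing `pRoute->bWriteMode!=0 && g.perm.WrWiki==0` test, so the invariant does not depend on how capabilities compose. The ordering relative to `cgi_csrf_safe()` is sound: both permission checks run first, so a forged cross-origin request from an unprivileged user is refused either way. Note also that this is a coarse gate on the global RdWiki bit, not the per-page `wiki_special_permission()` rule used in `wikiedit_page()` below, so any per-page exception still has to be enforced inside the individual route handlers.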
︙ | ︙ | |||
1106 1107 1108 1109 1110 1111 1112 | login_check_credentials(); zPageName = PD("name",""); if(zPageName && *zPageName){ if( check_name(zPageName) ) return; } isSandbox = is_sandbox(zPageName); if( isSandbox ){ | | | | | | > > > > > | 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 | login_check_credentials(); zPageName = PD("name",""); if(zPageName && *zPageName){ if( check_name(zPageName) ) return; } isSandbox = is_sandbox(zPageName); if( isSandbox ){ if( !g.perm.RdWiki ){ login_needed(g.anon.RdWiki); return; } found = 1; }else if( zPageName!=0 && zPageName[0]!=0){ int rid = 0; if( !wiki_special_permission(zPageName) ){ login_needed(0); return; } found = wiki_fetch_by_name(zPageName, 0, &rid, 0); if( (rid && !g.perm.RdWiki) || (!rid && !g.perm.NewWiki) ){ login_needed(rid ? g.anon.RdWiki : g.anon.NewWiki); return; } }else{ if( !g.perm.RdWiki ){ login_needed(g.anon.RdWiki); return; } } style_header("Wiki Editor"); style_emit_noscript_for_js_page(); /* Status bar */ |
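Review bot: the `rid==0` branch (new lines 1124-1127) still admits a user on NewWiki alone, so someone holding NewWiki but not RdWiki can open /wikiedit with an unused page name and reach the editor, which contradicts the commit message's statement that users without RdWiki cannot open it at all; the page list that motivated the gate is then protected only by the separate RdWiki check on the ajax routes. If a hard RdWiki floor is the intent, hoist a single `if( !g.perm.RdWiki ){ login_needed(g.anon.RdWiki); return; }` above the `isSandbox` branching and keep the NewWiki test for the new-page case, which also removes the three duplicated RdWiki blocks in this hunk. Minor and pre-existing: `wiki_fetch_by_name()` runs before the permission check, and the response differs between `login_needed(g.anon.RdWiki)` and `login_needed(g.anon.NewWiki)` depending on whether `rid` is set, so when anonymous's RdWiki and NewWiki capabilities differ a user with neither can still learn whether a given page name exists.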
︙ | ︙ |