Commit Graph

1063 Commits

Author SHA1 Message Date
Martin Zimmermann
3713d5e8ee allow raw HTML markup for a few (whitelisted) tags
To be compatible with comments from Disqus (and users unfamiliar with
Markdown), Misaka no longer disables user-inputted HTML, but the
generated HTML is now post-processed and all "unsafe" tags (not
possible with Markdown) are discarded.

Whitelist: p, a, pre, blockquote, h1-h6, em, sub, sup, del, ins, math,
           dl, ol, ul, li

This commit also removes an unnecessary newline generated by
Misaka/Sundown.
2014-01-12 14:44:39 +01:00
Martin Zimmermann
36d702c7bc proper use of Misaka's HTML render flags (fix malicious HTML injection)
This commit now sanitizes *all* HTML tags written by the user (also
prevents auto-link to "unsafe" web protocols and images) as intended.

Fortunately because of Sundown's typography support, it did not affect
JS injection, but custom style tags and iframes.

PS: thanks to the anonymous submitter of a comment including a style tag
for 24pt, red font ;-)
2014-01-12 12:58:24 +01:00
Martin Zimmermann
241b278863 whitelist external ipaddr package in tox configuration 2014-01-07 15:52:35 +01:00
Martin Zimmermann
dcd473967b Merge branch 'remove-q-lib' 2014-01-07 14:36:06 +01:00
Martin Zimmermann
6006a12778 fix wrong logic when vote counter stays at zero (e.g. self-vote) 2014-01-07 14:29:51 +01:00
Martin Zimmermann
306d2d9f9e log 5xx errors
Also, fix console.log usage.
2014-01-07 14:28:12 +01:00
Martin Zimmermann
a29393ee3f replace kriskowal/q with 50 LoC homebrew implementation, part of #51
As a result, it is no longer possible to chain promises
(then().then().then(etc.)), but that is actually not an issue for Isso.

The deferred/promise implementation is roughly based on
http://stackoverflow.com/a/17722683 and stackp/promisejs.
2014-01-07 14:28:10 +01:00
Martin Zimmermann
ebf6ca7a85 add Transifex translation to contributing guide 2014-01-06 18:38:16 +01:00
Martin Zimmermann
bfae158bde update translations from Transifex (initial pull) 2014-01-06 18:21:30 +01:00
Martin Zimmermann
4d530fb2f1 add Transifex project configuration file 2014-01-06 18:21:30 +01:00
Martin Zimmermann
055a20606a add tx-pull and tx-push FILE helper scripts
tx-pull fetches translations from Transifex to .tx/<ressource>/<lang>
and converts the JSON into an AMD module. Requires `transifex-client`
from PyPi.

tx-push FILE submits a AMD translation module to Transifex using `curl`
and credentials from ~/.transifexrc.
2014-01-06 18:21:27 +01:00
Martin Zimmermann
9dd066c6a6 reflect security = ... in docs and print warning if used 2014-01-01 22:20:00 +01:00
Martin Zimmermann
c50fe22eb1 fix port -> listen snippet 2014-01-01 22:07:16 +01:00
Thomas Sileo
a322cf673a Bugfix 2013-12-26 22:22:48 +01:00
Thomas Sileo
e50ecc7811 Removed debug info 2013-12-26 19:22:55 +01:00
Thomas Sileo
08313c191c Added reply notification for commenter 2013-12-26 19:19:15 +01:00
Martin Zimmermann
ab27ce5450 Merge pull request #48 from chimo/starttls
Adds STARTTLS support to SMTP notifications
2013-12-23 04:43:49 -08:00
Chimo
658e065f23 Adds STARTTLS support to SMTP notifications 2013-12-19 23:36:06 -05:00
Martin Zimmermann
85e637d017 simplify JSON response 2013-12-19 08:56:14 +01:00
Martin Zimmermann
905bd63eee CORS middleware must return bytes 2013-12-19 08:55:53 +01:00
Martin Zimmermann
82da63a81b check if hash is a base-16 string 2013-12-19 08:55:06 +01:00
Martin Zimmermann
e244227f41 convert proxy object to string before passing to urllib 2013-12-19 08:09:09 +01:00
Martin Zimmermann
d4f836fd65 add test for /check-ip 2013-12-18 19:27:36 +01:00
Martin Zimmermann
cbee3f7b2e clarify copyright headers 2013-12-18 16:21:35 +01:00
Martin Zimmermann
ecfaf9828e add faq.rst 2013-12-18 16:20:52 +01:00
Martin Zimmermann
1153b9cf6e extend API documentation 2013-12-18 14:14:37 +01:00
Martin Zimmermann
a728d3e32d add doctest for IPv6 mapped IPv4 addresses 2013-12-18 13:08:57 +01:00
Martin Zimmermann
26b9088c9d add coverage target to Makefile 2013-12-18 13:08:57 +01:00
Martin Zimmermann
2a86b46893 add test for disqus import 2013-12-18 13:08:54 +01:00
Martin Zimmermann
f81b955aa5 use SHA1 instead of MD5 to verify comment owner 2013-12-18 13:01:09 +01:00
Martin Zimmermann
29a825b575 remove unused utility functions 2013-12-18 13:01:05 +01:00
Martin Zimmermann
8bf9b1145a add link to supervisor init script, close #47 2013-12-18 11:59:49 +01:00
Martin Zimmermann
cc1ccfd70d change project status from alpha to beta 2013-12-17 13:43:02 +01:00
Martin Zimmermann
65f260d0ba show session-key on application startup
Maybe useful to see that it really changes if unset. Also reduced key
size to 16 bytes form /dev/urandom (cosmetic reason, still enough).
2013-12-17 13:40:32 +01:00
Martin Zimmermann
a4213e4304 update docstrings for isso.db 2013-12-17 13:30:37 +01:00
Martin Zimmermann
c99fe3d583 remove unused SQLite3.mode attribute 2013-12-17 13:18:43 +01:00
Martin Zimmermann
7255e01375 replace isso module with isso.run 2013-12-16 15:42:43 +01:00
Martin Zimmermann
fcd0a01de3 make_app uses threading.Lock now by default
Uses keyword arguments to use multiprocessing or uwsgi mixin. This
fixes an issue on exotic *BSDs such as NetBSD where Python comes not
with inter-process semaphores (issue 3307):

     mod_wsgi (pid=14365): Target WSGI script '/var/www/vhosts/my.hostname.org/htdocs/isso.wsgi' cannot be loaded as Python module.
     mod_wsgi (pid=14365): Exception occurred processing WSGI script '/var/www/vhosts/my.hostname.org/htdocs/isso.wsgi'.
     Traceback (most recent call last):
       File "/var/www/vhosts/my.hostname.org/htdocs/isso.wsgi", line 8, in <module>
         application = make_app(Config.load("/var/www/vhosts/my.hostname.org/htdocs/isso.cfg"))
       File "/usr/pkg/lib/python2.7/site-packages/isso/__init__.py", line 155, in make_app
         isso = App(conf)
       File "/usr/pkg/lib/python2.7/site-packages/isso/__init__.py", line 91, in __init__
         super(Isso, self).__init__(conf)
       File "/usr/pkg/lib/python2.7/site-packages/isso/core.py", line 223, in __init__
         self.lock = multiprocessing.Lock()
       File "/usr/pkg/lib/python2.7/multiprocessing/__init__.py", line 175, in Lock
         from multiprocessing.synchronize import Lock
       File "/usr/pkg/lib/python2.7/multiprocessing/synchronize.py", line 59, in <module>
         " function, see issue 3770.")
     ImportError: This platform lacks a functioning sem_open implementation, therefore, the required synchronization primitives needed will not function, see issue 3770.
2013-12-16 15:40:18 +01:00
Martin Zimmermann
a7375e8016 Back to development: 0.7 2013-12-16 11:59:33 +01:00
Martin Zimmermann
0f39d17843 Preparing release 0.6 2013-12-16 11:59:29 +01:00
Martin Zimmermann
9db762ad5e italian translation by alzeco 2013-12-12 17:30:40 +01:00
Martin Zimmermann
525b2db6f1 fix french pluralization 2013-12-12 17:29:26 +01:00
Martin Zimmermann
150726df13 Merge branch 'feature/27', override thread id 2013-12-12 13:07:57 +01:00
Martin Zimmermann
bcb60c4e74 add documentation 2013-12-12 13:07:44 +01:00
Martin Zimmermann
77df31d06f override thread discovery with data-isso-id="...", close #27 2013-12-12 13:04:29 +01:00
Martin Zimmermann
79112940e6 reduce heading size in comments, fix #26 2013-12-12 12:10:50 +01:00
Martin Zimmermann
c5daa66c82 remove old CSS rule 2013-12-12 12:10:02 +01:00
Martin Zimmermann
0152e627ea use apache lexer and add recipe for session key generation 2013-12-12 11:52:05 +01:00
Martin Zimmermann
f0be9e9655 add latest work to changelog 2013-12-12 11:44:34 +01:00
Martin Zimmermann
336ca3ffe7 add deployment docs for mod_wsgi 2013-12-12 11:28:30 +01:00