Google Git
Sign in
apache / jspwiki / refs/tags/jspwiki_2_4_100 / . / ChangeLog
blob: b157d19e48d42a9939c068a1feb899294183314d [file] [log] [blame]
2007-03-02 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.100
* Fixes the leaking ACLs issue - you can now use ACLs on
your LeftMenu or any other included page without having to
worry about it actually influencing the master page.
* Also fixed leaking variables issue - this was exactly
the same problem as with ACLs.
* Improved javadocs for both WikiContext.get/setRealPage()
and InsertPageTag.
2007-03-01 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.99
* Another fix: our Tag base classes (IteratorTag, WikiBodyTag,
WikiTagBase) now implement the TryCatchFinally interface, which
allows them to cleanup any extraneous WikiContext references
which might be left dangling due to tag pooling. doFinally()
is especially useful because it is called regardless of the
exit status (or exceptions thrown) of doStartTag().
* 2.4.98
* Experimental fix for the "Gazillion WikiSessions At Startup"
problem reported by Murray Altheim. Now, if there is no
HttpServletRequest attached, we use a static, thread local
session. This seems to somewhat speed startup.
2007-02-28 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.97
* Fixed issue with leaking WikiSessions: WikiEventDelegate now
stores all listeners as WeakReferences. There is no need to
explicitly remove a listener anymore; once your object is gone,
it will be silently removed from the listener lists as well.
2007-02-27 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.96
* Arg, 2.4.92 overwrote an earlier fix, causing ClassCastExceptions
when logging out. Now fixed again.
* WatchDog no longer screams an error, if it fails.
2007-02-26 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.95
* Hopefully squashed the "null" author problem. Used to occur
when you had no cookie, and did a save straight out of a preview.
* AuthorTag would throw a nasty exception if the author name
was set to a blank string.
* A minor typo in build.xml caused JDBC tests to fail for a
totally out-of-the-cvs config.
2007-02-21 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.94
* Small fix: InfoContent.jsp was using double quotes where single
quotes would've been enough. This saves two extra quotes, which
we can use elsewhere. Reported by Robin Tew.
2007-02-06 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.93
* WikiEventManager was synchronizing too aggressively, causing
starvation under high-load conditions. This should help performance
quite a bit.
* Also speeded up WikiEventDelegate by switching to ArrayList, since
we don't need to do the sorting. This allows us to also to get rid
of an Iterator (to please Murray ;-).
* WatchDog.getCurrentWatchDog() would sometimes return a null
watchdog due to a brain fart (yes, garbage collection can happen
at *any* time!)
2007-02-04 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.92
* Implemented WatchDog class and general watchdog capability. Enabled
Wiki.jsp, rss.jsp, PageInfo.jsp, Diff.jsp RSSThread and Lucene updater
for watchdog capability.
* Fixed an issue with SessionMonitor trying to do a getAttribute()
on an expired session.
2007-01-28 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.91
* Bug fix: WeblogPlugin would cause ConcurrentModificationExceptions
whenever two threads would access it at the same time. This was due
to improper synchronization in WikiEventDelegate.
* Performance: JSPWikiMarkupParser startup is now about two orders of
magnitude faster than before, as we move to pre-caching of regexp
patterns. This should be provide a significant improvement in startup
times.
* Performance: MarkupParser.nextToken() is now slightly faster though
more insecure. It has also been made final to help the compiler a bit.
* WikiEngine gains the ability to store attributes. These can be used
e.g. to cache things.
2007-01-21 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.90
* WikiEventManager now logs exceptions better than before
2007-01-19 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.89
* Security fix: changeNote field did not properly encode HTML
entities, making JSPWiki vulnerable to XSS attacks on PageInfo.jsp.
2007-01-15 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.88
* Comment.jsp now requires that you post from the same IP address
that you did a GET to the page. This should only affect some
bots.
* RecentChangesPlugin now uses ECS (in preparation for some new
code).
2006-12-20 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.87
* Fixed a stupid typo in AttachmentServlet which caused reverse
logic when uploading something and checking whether that type
is allowed or not :)
* SpamFilter would die on empty changes.
* 2.4.86
* Bug fix: BugFirstCharacterAfterEndOfTableGetsEaten
* Added ability to selectively allow/forbid certain file types
to be uploaded. Check out the new jspwiki.properties for the
exact syntax. Admins can still upload anything they want.
2006-12-11 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.85
* Ahha! Found the reason why SpamFilter was rejecting legit
edits: there was a typo in the code that checked whether the
user was adding too many URLs, and one URL could be counted
several times.
* 2.4.84
* SpamFilter now ignores admins completely (an admin cannot be
banned)
* SpamFilter has a new parameter: ignoreauthenticated, which, if
set to true, causes authenticated users to be always ignored when
checking.
* SpamFilter now publishes an "incident code" in both the reject
message and log file, which should help figuring out why
a particular edit was rejected.
* General SpamFilter code reorganization.
* Fixed a memory leak in JSPWikiMarkupTranslator, found by Aron
Gombas.
2006-11-30 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.83
* Added patch from Glenn Nielsen to allow WikiWizard to
compile on Tomcat 4.1
2006-11-30 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.82
* Added patch from Glenn Nielsen to fix some issues of Lucene
starting twice. WikiEngine is now stored as an attribute to
the ServletContext.
* Fixed BugEditGroup.jspShouldAllowCharacterInMemberListWhenUsingNTLM
by remembering to do XML escaping in XMLGroupDatabase. Please note
that if you have been mucking around in groupdatabase.xml on your own,
this may cause breakage.
* Fixed BugUserPreferencesCanTDisplayedCorrectlyWithChinese by
encoding the username cookie with UTF-8 encoding.
2006-11-20 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.81
* AttachmentServlet is now less verbose if download is aborted.
* DefaultAclManager would accidentally also render plugins when
refreshing ACLs on the list. This could cause infinite recursion.
* New rendering control feature: setting RenderingManager.VAR_EXECUTE_PLUGINS
to Boolean.FALSE in the WikiContext will stop any plugins from being
rendered when you are calling render(). Note that they will still be
parsed, just not executed.
* Changed WikiEventDelegate to use a TreeSet to get rid of object
creation overhead - iterating through the list at every add() was
overhead. Needs more analysis though.
* Added patch from Neil Miller to get rid of extraneous m_engine
declaration in TemplateManager. Thanks!
2006-11-13 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.80
* Fixed the SessionManager once and for all by incorporating a patch
from Tim Bass and Glenn Nielsen - SessionMonitor is no longer a
Thread, and it just listens to Servlet container notifications.
Note that you MUST add the listener to your web.xml!
2006-11-10 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.79
* Minor fixes in an attempt to stop the IllegalThreadStateException
from WikiSession.getWikiSession()
* Fixed problem where DefaultACLManager would call itself recursively
if there was an InsertPage loop on the pages.
2006-11-07 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.78
* A bunch of minor refactorings suggested by Aron Gombas,
including:
* Visibility of member variables in WikiContext have been checked -
things were made more private, except m_request is now protected to
help in subclassing.
* JSPWikiMarkupParser also has visibility checked a bit to help
in subclassing - the different link types are now protected,
and a new factory method createAnchor() was added.
* JSPWikiMarkupParser now checks WikiContext for overrides for
most variables.
2006-11-06 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.77
* Hopefully fixed login redirection issues when using
container authentication. If the user did not have permissions
even after login, this would result in a constant series of
redirections.
* Added run_webtests.sh
2006-11-06 Christoph Sauer <sauer@hs-heilbronn.de>
* 2.4.76
* added fix from Chuck Smith so that WikiWizard.jsp now is valid XHTML:
document.write() function in JavaScript is deprecated, instead
document.addEventListener("DOMContentLoaded", changeWidth, null)
is used now to modify the the DOM Tree after it is loaded.
2006-11-04 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.75
* Added patch from Tomasz Szymko to fix previews when adding
comments. Thanks!
* Added patch from Murray Altheim to provide timestamps in
WikiEvents, and added a new SESSION_EXPIRED event as well.
* Session monitor now fires SESSION_EXPIRED events.
2006-10-29 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.74
* Improved startup a bit; now the log files should be better in
case you have a problem in your jspwiki.properties. It's still
not perfect, but it's better. The unfortunate side effect is
that you'll start getting 404 errors instead of error messages
when you are trying to access the site.
* Got rid of jspInit() in all top-level JSP files. This is a
bit nicer and simpler all around.
2006-10-28 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.73
* Patch from Neil Miller to fix PageManager which was not using
proper getProperty().
* AttachmentManager.listAttachments() now sorts the attachments.
Suggested by Fabio Bonin.
* If jspwiki.useCache was set to false, finding pages would
not work with VersioningFileProvider, thanks to some really old
optimization code that never got updated. Removed optimization,
hey presto! It works!
* Spam filter now includes change notes in its checks as well.
* WikiEventSource is now gone, since it was not used for anything.
Thanks to Murray for the heads-up!
2006-10-21 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.72
* SpamFilter is now a lot smarter. I enlisted a small guy
called Herb, who has agreed to sit in the JAR file, and watch
for any spam. Log files are a bit better, too.
* SpamFilter will now watch at consecutive modifications, and
mark them as spam, if there are too many similar-looking
modifications (no matter what IP they're from).
* SpamFilter can now connect to Akismet (www.akismet.com).
You need to get your own API key, though, and put it in the
filters.xml config file. Unfortunately we don't yet have
the ability to mark "ham" and "spam".
* ShortURLConstructor did not handle CONFLICT situations
correctly.
2006-10-17 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.71
* Small fix from Tomasz Szymko: jspwiki.css has information
and error images reversed.
* Comment.jsp did not compile. Reported by a number of people.
Ooops...
2006-10-13 Erik Bunn <ebu@memecry.net>
* 2.4.70
* Minor mod to WeblogEntryPlugin: now accepts a 'page' parameter,
like WeblogPlugin. Allows providing a 'new entry' link on some
page other than the actual blog page; this may be useful e.g.
for alternate views of a blog page.
2006-10-12 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.69
* Added a couple of patches from Tomasz Szymko to fix a problem
with messages from the AttachmentServlet, and a problem with
EditLinkTag.
* Added patch from Murray Altheim to fix a problem with
TextUtil.replaceString() - it would be dying under certain
circumstances.
* Added patch from Murray to add "_bounds" parameter to the
plugin invocation. _bounds consists of an integer array (int[]),
where element 0 is the start of the plugin position in the page,
and element 1 the end.
* Small fixes to LuceneSearchProvider.
2006-10-09 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.68
* Hopefully fixed the "ACL not refreshed at startup" problem,
reported by many people.
2006-10-08 Andrew Jaquith <andrew@freshcookies.org>
* 2.4.67
* Enhancement: JDBCUserDatabase will now use transactions, if the
back-end database supports them. In addition, JDBCUserDatabase now
nails up a single, long-running connection instead of continually
opening and closing them. Log message verbosity expanded slightly.
* Enhancement: GroupDatabase now has a relational database implementation
called JDBCGroupDatabase. It supports transactions and is configured
using a container-managed JNDI DataSource, exactly like JDBCUserDatabase.
Unit tests and DDL setup/teardown scripts were upgraded for the
new implementation. Sample scripts are included for PostgreSQL and
Hypersonic.
2006-10-06 Janne Jalkanen <jalkanen@ecyrd.com>
* Fixed a bunch of javadoc warnings; not enough to warrant a
version bump.
2006-10-05 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.66
* Added small patch from Neil Miller to fix WikiEngine.getInstance()
which was not properly passing its arguments. Thanks!
* Added patch from Murray Altheim which makes ReferenceManager and
SearchManager to behave as EventListeners for page deletion. Notably,
AttachmentManager and RenderingManager do not yet fire or listen these
events (needs fix).
* Added PAGE_DELETED and PAGE_DELETE_REQUESTED from Murray.
* Added patch to JSPWikiMarkupParser from Murray to make some of the
attributes publically accessible and less magic.
* Fixed ShortURLConstructor again for some contexts (FIND, DELETE & PREFS)
2006-10-01 Andrew Jaquith <andrew@freshcookies.org>
* 2.4.65
* Bug fix: fixed an issue with WikiContext that caused ACLs and policy settings to
be ignored when accessing the default front page. This bug was introduced during
the AAA mega-patch in July (2.4.25). Note: we still have an unrelated bug
with ACLs not being applied the *first time* pages are loaded.
2006-10-01 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.64
* WikiPage.clone() was not cloning everything; this should now be fixed.
* Included patch from Neil Miller to make RenderingManager use the
eventing system instead of PageFilters. Thanks!
* ShortURLConstructor now supports group functionality.
* Fixed an annoying bug which appeared if saving failed for some reason
(e.g. when SpamFilter would reject an edit): the cache would still
contain the changed page metadata. We now make a clone of the
WikiPage before we attempt a save.
2006-10-01 Andrew Jaquith <andrew@freshcookies.org>
* 2.4.63
* WikiSession receives several under-the-hood changes to improve session
stability. The technique used to detect session status changes now includes an
explicit check for prior authentication; this should prevent sudden "downgrades"
from authenticated status to asserted (cookies). User/login Principals and
the status strings (anonymous/asserted/authenticated) are cached now, rather
than dynamically calculated. WikiSession gains a new public method, isAsserted()
that does what it says. Finally, WikiSession now takes responsibility
for populating the JAAS Subject with user profile principals, rather than
the various login modules.
* AuthenticationManager now fires an event called LOGIN_INITIATED whenever
the authentication status changes, signifying that the JAAS login stack
executed (but without regard to whether it succeeded). WikiSession listens
for this event and updates its cached principals. AuthenticationManager
also now fires explicit events called LOGIN_ANONYMOUS and LOGIN_ASSERTED
in addition to LOGIN_AUTHENTICATED.
* In the name of code simplification, event support was removed from the
Group class. It was redundant and made things more complicated. Consequently,
GroupManager loses its GroupListener inner class, and WikiSecurityEvent gets
rid of types GROUP_ADD_MEMBER, GROUP_REMOVE_MEMBER, GROUP_CLEAR_MEMBERS.
If you really really need these let me know, but in the meantime the coarser-
grained GROUP_ADD and GROUP_REMOVE will do what we need.
* UserDatabaseLoginModule no longer populates WikiSession's Subject with
user profile principals; this was moved to WikiSession. This should make
pure, authentication-only login modules possible, such as for LDAP and Kerberos.
Because authentication and user profile storage are better separated, it will
prevent the need to subclass and hack XMLUserDatabase. WebContainerCallbackHandler
no longer needs a UserDatabaseCallback as a result, so the callback was removed.
* Bug fix: LoginForm now injects a WikiContext, but only if one does not already
exist in the page context. This plugs the bug introduced in 2.4.60. Page redirection
after login works for both container and custom authentication; the web unit
tests now test for this condition explicitly. The fix has been tested with
Tomcat and JBoss 4.
* Fixed a bunch of failing auth tests.
2006-09-28 Andrew Jaquith <andrew@freshcookies.org>
* 2.4.62
* Fixed the fix for the login-redirection issue, patched in 2.4.60.
"Regular" logins (those without a subsequent redirection) now work again.
Thanks to the indefatigable Terry Steichen.
2006-09-27 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.61
* Fixed a couple of failing tests (recent changes caused slight behaviour
change)
* Bug fix: the Wiki Event INITIALIZING is now fired after log4j is running -
this stops about a zillion of errors in the container log file.
* Slightly juggled with the built-in system filter priorities to make sure
that they are executed in correct order.
* Added a small fix to saveText() to check if it possibly fixes some problems
with disappearing ACL lists or other metadata. Our provider interface is
desperately in the need of an overhaul...
2006-09-27 Andrew Jaquith <andrew@freshcookies.org>
* 2.4.60
* Fixed typo in SecurityConfig.jsp that caused group verification to
report the number of "users" rather thank groups. Credit: Chuck Deal.
* Fixed a series of related, minor bugs that caused JSPWiki to always
redirect to the front page after login, even when instructed to redirect
to another page. This fix also resulted in the removal of a redundant
WikiContext creation in LoginForm. Thanks to Terry Steichen for figuring
out where to look.
2006-09-24 Andrew Jaquith <andrew@freshcookies.org>
* 2.4.59
* XMLGroupDatabase and XMLUserDatabase now represent dates using
a locale-independent, machine-independent format. To preserve backwards
compatibility, JSPWiki will attempt to parse dates using the platform
default format if parsing with the standard format fails. New records
will always be saved in the standard format.
2006-09-24 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.58
* Some internal reshuffling of Managers.
* PluginManager and EditorManager now check if a module is
compatible with JSPWiki. You can state your own compatibility
by declaring it in the jspwiki_module.xml file, as
<minVersion>2.4</minVersion>, and/or
<maxVersion>2.6.32</maxVersion>.
* 2.4.57
* Added change notes also to attachments
* Attachment names are now also beautified (though just the
page name part). This should help the problem when RecentChanges
plugin overflows.
* Cleaned away a few compiler warnings
* Improved some PluginManager javadocs
* BasicAttachmentProvider has now more sanity checks and should
no more throw wild NPEs at startup.
* Fixed
BugLuceneSearchProviderNotReadJspwiki.lucene.analyzerFromConfiguration
Thanks to Ekkasit Takoungsakdakul for pointing this one out!
(And I am very sorry I did not notice that bug report earlier.)
2006-09-21 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.56
* Added patch from Kalle Kivimaa to fire the event with the
proper principal at logout. Thanks!
2006-09-15 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.55
* Added patch from Joseph Schmigel to recognize IP
addresses in sortable tables. Thanks!
* Added new icons from Murray Altheim so that we could
get rid of all Creative Commons-licensed icons. This was
done so that JSPWiki 2.4 could be included on Debian. Thanks
heaps for the good work!
* Reverted to previous behaviour with respect to WikiWizard:
no longer closes applet and div with javascript, which should help
in IE.
2006-09-12 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.54
* Added patch from Murray Altheim to fix WikiEventManager
javadocs, as well as made it return booleans on a couple
of methods. Thanks Murray!
2006-09-10 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.53
* Removed FCK.jsp from the distribution (since we don't distribute
FCK, it's sort of weird to have it there breaking things).
* Bug fix: Comment.jsp now catches RedirectExceptions
* Bug fix: BugReportHandler also catches RedirectExceptions and
now gives a proper error report.
* Limited change note length to 80 characters.
2006-09-09 Andrew Jaquith <andrew@freshcookies.org>
* 2.4.52
* UserManager now checks to make sure that a user can't
specify as a wiki name somebody elses's full name or login
name. This check is peformed for all other combinations of
these three user profile fields also. This is a potentially
serious security flaw, so all users should upgrade.
2006-09-08 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.51
* Added patch from Malte Kiesel to fix a problem which caused
overwriting of user profile.
* Fixed WikiJSPFilter writing the wrong content length to the
response (we're skipping setting the length for now).
2006-09-07 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.50
* Test release to check whether we can solve some WebLogic
issues.
* Split WikiServletFilter to WikiServletFilter and WikiJSPFilter.
The latter takes care of JSP stuff, the former of all other types
of data. WikiJSPFilter uses getWriter() extensively, while
WikiServletFilter is for those instances that use
getOutputStream(). Thanks to Marc Patteet for the help.
* Renaming now also renames attachments (assuming that the
attachments exist - if they don't, then there's no way to know
which pages refer to them (bar going through all pages).
* Changed web.xml to reflect the new filters. Don't forget
to update!
* Added "print" style for jspwiki.css in commonheader.jsp. This
should fix problems with printing looking different from screen.
Reported by Steve Lihn, fix from Dirk Frederickx
* Fixed InfoContent.jsp for WebLogic. By Marc Patteet.
2006-09-06 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.49
* Witness the awesome p0w3r of unit testing. Fixed the
unit tests added in the morning so that we now hopefully
are fixing BugStrangeRenameBehaviour. Reported by Candid
Dauth.
* Bug fix: ReferenceManager was not removing all references
to a page if it was renamed, resulting in "hanging" pages.
* Added a bunch of new unit tests to check for page
renaming problems. At the moment most of them fail, suggesting
that there is something wrong in PageRenamer...
2006-09-05 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.48
* Bug fix: it was possible to gain user privileges simply
by faking the cookie. This is a serious problem and all
people running 2.4.x are suggested to upgrade. Thanks
to Andrew for the fix.
* SecurityVerifier no longer gets confused, if you state
a property using "==" instead of "=".
2006-09-05 Christoph Sauer <sauer@hs-heilbronn.de>
* 2.4.47
* Added title and accesskey attribute to
LinkTag, EditLinkTag and PageInfoTag. You can now set
accesskeys to edit pages in the PageActions.jsp
Use the title attribute to add a tooltip text to indicate
the speedkey you used.
2006-09-04 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.46
* Bug fix: PageLock was using acquisition time for both
expiry and acquisition. Fixes BugLockNotWorking. Reported
by Terry Steichen.
* Added WikiContext.hasAdminPermission() as a convenience
method.
* Changed SpamFilter to check for AllPermission instead of
a group called Admin - this is better because of i18n.
* SpamFilter now checks also the changenote before saving.
* Added the possibility to escape }}} within a preformatted
section by using ~}}}. Suggested by several people at
WikiCreole.org...
2006-09-04 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.45
* Bug fix: When SpamFilter rejected something, there would
be no message shown in RejectedMessage. Reported by
Terry Steichen.
* Removed plenty of documentation from the default wikipages
package. It was out of date, and better written up at
doc.jspwiki.org anyway.
* Removed doc/Templates.txt, which was no longer accurate.
2006-09-03 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.44
* Both XMLUserDatabase and XMLGroupDatabase will now check
if the database is up to date. This allows propagation of
databases across wikis (though it's rather flaky; there are
concurrency issues).
2006-09-03 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.43
* Bug fix: If the front page did not exist, would die with
a NullPointerException, when accessed with the default URL
(e.g. /Wiki.jsp, or /wiki/ without the page).
Should fix BugBadDefaultConfig.
2006-09-02 Christoph Sauer <sauer@hs-heilbronn.de>
* 2.4.42
* Fixed Bug with WikiWizard.jsp and Weblogic reported by Marc Patteet
2006-09-02 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.41
* LinkTag should no longer crash if WikiContext does not have
a page attached. Reported by Fabiano Bonin.
2006-08-30 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.40
* Christoph Sauer joins in as a contributor (if only I got
him to update the ChangeLog... ;)
* WikiWizard is now included. Hooray for WIKIWYG editing!
* Small tweaks to the EditTemplate.
* Changed "jspwiki.security=container" to "jspwiki.security=off".
This should make it more clear to people. The old setting
will continue to work.
* Added page info links back to attachments in RecentChanges.
Unfortunate side effect of the new renderer...
2006-08-30 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.39 - The "Piko" release. Rest in Peace.
* Added SearchManagerTest to make sure that our search works.
* Bug fix: LuceneSearchProvider was not indexing the WikiName
of the page.
* Bug fix: SearchManager now always indexes the latest version
of the page (thanks heaps to John Volkar for finding this).
* Disabled ContextualDiffProviderTest.testKnownProblemCases(),
I have no idea how to fix those, and it was never running anyway.
* Disabled JSPWikiMarkupParserTest.testSpanJavascript2() -
it would need a lot more care to make it really run.
* Fixed failing XMLRPC tests.
* Upgraded to Lucene 2.0.0.
2006-08-27 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.38
* WikiEvents are now fired at almost any occasion that seems suitable.
Thanks to Murray Altheim for this mega-patch. Some of the event
classes were also reorganized (thanks to Andrew and Murray).
* SpamFilter no longer counts admins as evil, if they make many
changes/minute.
* WikiServletFilter fails now gracefully if WikiEngine instatiation
fails - should no longer emit dumb NullPointerExceptions.
* FindContent.jsp now hopefully calculates previous- and next
search sizes correctly.
* Change Notes are now visible in page history as well. Unfortunately,
the visuals suck. Anyone want to help to make them look better? Just
don't make them too wide...
* Change Notes are now limited to 60 characters (totally arbitrary).
2006-08-21 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.37
* Faced with physical threats at WikiSym, I added the "change note"
feature. Hope y'all are happy now :-D (Well, okay, it does not
work in the page info yet; I'm thinking what would be a good
presentation so that the page does not get overly wide).
* Bug fix: jspwiki.tld had the wrong attribute for RequestResourceTag.
Reported by Marc ?.
2006-08-14 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.36
* Bug fix: UserProfileTag was not printing groups. Reported by
Dirk Fredericx.
2006-08-13 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.35
* Fixed BugPreformattedTextWithHtmlDoesnTWorkIfAllowHTMLTrue. Thanks to
RealGagnon and an unknown submitter.
* Fixed BugStyleDoublePercentProblem. There are two new tokens:
/% can also be used to stop a style, and ~<space> is a non-rendering
space.
* Fixed BugNullPointerExceptionWhenInsertingImagesWithoutAlignAttribute.
Thanks to Candid Dauth for pointing it out.
* Added patch from Laurent Courtin to fix
BugTableOfContentsDoesnTWorkWithPageNotInAscii. Thanks!
2006-08-12 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.34
* Implemented RequestResourceTag (oops, it had been skipped for
some reason).
2006-08-09 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.33
* RecentChangesPlugin was missing a quote in the generation
of author names.
2006-08-08 Andrew Jaquith <andrew@freshcookies.org>
* 2.4.32
* Fixed an astoundingly brain-damaged bug in WikiContext that caused
all wiki contexts to use the default template in all cases, regardless
of the setting in jspwiki.properties. This bug was introduced by the
2.4.25 security mega-patch. The fix, of course, was three lines
of code. Now that it's in, I'd like to put down my crack pipe
long enough to thank Terry Steichen for spotting this.
2006-08-01 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.31
* Bug fix: BugArbitraryHTMLMarkupInHeadingIsRenderedByTableOfContentPlugin,
reported by Jerome Duprez.
* Bug fix: BugCenteringImagesUsingImagePluginDoesNotWorkInFirefox,
contributed by Alex Reid.
* Bug fix: BugCanKeepPressingNext20ResultsOnResultSearchPage. Rewrote
the scriptlets in FindContent.jsp to provide a better experience
overall.
* Bug fix: BugReferringPagesPluginDontWriteNobobyAfterFiltering.
Reported by François Burtin.
* Removed a bunch of compiler warnings found thanks to upgrade to
Eclipse 3.2.
2006-08-04 Andrew Jaquith <andrew@freshcookies.org>
* 2.4.30
* Fixed cosmetic bug that was causing all search results to
appear with the name "Search".
2006-08-01 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.29
* Character encoding is now set in the servlet filter, not
WikiEngine.createContext() anymore. This should remove certain
cases where character encoding got lost.
* 2.4.28
* Fixed a HUGE number of potential problems, found using FindBugs.
Problems included such as:
* Now many Comparators are also Serializable
* hashCode() is now implemented properly on objects that do
equals()
* clone() is rewritten to use super.clone()
* Many inner classes were made static to save extra effort
* Forms package classes had really dubious null checks which
were rewritten.
* TranslatorReader is no longer used in the code anywhere. Even
the TranslatorReaderTest is gone. The class, however, remains,
until we can refactor it to be a facade for JSPWikiMarkupParser.
* Coding style is now a local setting instead of a global
setting...
* And a lot of small bits and pieces...
2006-07-31 Andrew Jaquith <andrew@freshcookies.org>
* 2.4.27
* Bug fix: SecurityConfig was erroneously reporting that externally set
values for java.security.policy did not resolve to existing files,
even when they did.
* Bug fix: SecurityConfig was erroneously reporting that wiki groups
could not be deleted, even when this function actually worked
properly.
2006-07-30 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.26
* Fixed editor textarea width, thanks to Gordon Smith.
2006-07-29 Andrew Jaquith <andrew@freshcookies.org>
* 2.4.25 - a.k.a. the AAA mega-patch
* This release completely changes the way JSPWiki manages wiki groups.
They are no longer stored in pages; instead, GroupManager controls
access, while back-end storage is provided by the GroupDatabase interface.
This change has caused many other changes. More details:
* GroupManager changes from an interface to a concrete, final class. Group storage
is now handled by a separate GroupDatabase interface. The default implmentation is
XMLGroupDatabase. In addition, Group becomes a concrete final class; DefaultGroup
and DefaultGroupManager disappear. Group gets a new method groupPrincipal() that returns
the equivalent GroupPrincipal. Many new unit tests created for all of these changes.
* Group creation handled in UI by NewGroup.jsp. Editing is via EditGroup.jsp.
* UserProfileTag gains a property "groups" that will print the list of wiki groups
the current user belongs to. The "roles" property now just prints the roles.
* Default security policy (jspwiki.policy) gains grant entries for group
viewing, editing, deletion permissions. By default, users must be at least
"asserted" to view group members, and must be a member of a group to edit
the membership.
* PermissionTag gains three new permission checks: "viewGroup", "editGroup", "deleteGroup".
* Group principal injection responsibilities moves to WikiSession from AuthenticationManager.
* The hard-coded restriction on pages prefixed "Group" has been lifted.
* SecurityVerifier adds tests for GroupPermission. Better support for detecting
exceptions. Adds tests for adding/deleting Groups.
* New Groups plugin prints a sorted list of the wiki groups in the group database;
generates a hyperlink to each group page.
* JSPWikiInstaller (Install.jsp) receives a makeover and substantial enhancements to
support the new group scheme. When the wiki is set up, we now create an administrative
user and an Admin group. It also uses the default CSS.
* The new Command class is now fully integrated into WikiEngine.createContext()
and the WikiContext constructors. Practically speaking, this means that the
page names and redirect errors shown on pages will actually show something useful
when non-pages are accessed (e.g., access denied for UserPreferences.jsp won't
print the non-sensical "you don't have access to 'Main'). WikiEngine delegates
page-resolution responsibilities to CommandResolver. Minor changes to new
Command/CommandResolver classes to make JSP page names "friendlier".
* WikiSession.getUserPrincipal now defaults to the wiki principal, rather than
the full name. This means that favorites auto-linking won't break. It also gains
a method getRoles() that returns the roles and groups the user possesses.
The method doPrivileged(WikiSession,PrivilegedAction) allows actions to be
executed using the user's privileges. WikiSession's getSubject() method has been
removed; it was a security risk.
* Substantial changes to the AAA package tests. Web unit tests changed to accomodate groups.
* Minor refactoring: AllPermission, WikiPermission, PagePermission. AllPermissionCollection.
* Bug fix: closed <span> tag in InsertPagePlugin
* WikiContext.getName() provides a "safer" shortcut than calling WikiContext.getPage().getName()
because not all wiki contexts apply to pages. This change was made to: TableOfContents plugin;
most of the top-level JSPs; TranslatorReader; PageNameTag.
* Container role principals are now injected at login time by WebContainerLoginModule,
rather than the AuthenticationManager.
* More use of checked exceptions. Authorizer.initialize() throws WikiSecurityException
* WikiSecurityEvent gains the event type PROFILE_SAVED, emitted by UserDatabase. Most
of the security events are now marked as "debug" level events, which means the logs
will be much less chatty (this is a temporary hack).
* AuthorizationManager gains a new public method: getAuthorizer()
* The WikiEventSource "marker interface" added to class declarations for AuthorizationManager
AuthenticationManager, WikiEngine. EventSourceDelegate used in place of cut-and-paste code
for these classes also.
* TextUtil.password generator now uses SecureRandom instead of Random.
2006-07-24 Andrew Jaquith <andrew@freshcookies.org>
* 2.4.23
* Andy J. fixes what he broke... namely the build. Thanks
to Mark Rawling for pointing it out.
* SessionMonitor achieves escape velocity and becomes its own class,
breaking free of WikiSession's gravity.
* WikiSession.guestSession() changes to guestSession(WikiEngine).
This required small tweaks to a few classes, notably the RPC handlers
and parts of the Auth code.
* Various classes receive small code tweaks in preparation for upcoming
builds. WikiContext gains three new group-related contexts; WikiEngine
gains code to initialize CommandResolver and a related accessor;
* GroupPrincipal gains a two-argument constructor that accepts the
wiki name as the first parameter.
* WikiPermission's action strings are now public. Ebu's been waiting a while
for this.
* CommentedPropertiesTest's missing test.properties file is now in CVS.
2006-07-23 Andrew Jaquith <andrew@freshcookies.org>
* 2.4.22
* Added several classes and interfaces to support upcoming
AAA refactoring. These do not affect functionality, because
they are not referenced by any existing classes. New classes
include: (1) Command interface and related AbstractCommand,
PageCommand, GroupCommand and WikiCommand implementations;
(2) WikiEventSource interface and EventSourceDelegate class,
both in events package; (3) GroupDatabase interface and sample
groupdatabase.xml files and (4) CommentedProperties class for
reading and re-saving properties files that include comments.
Again, these classes are not yet actively used.
* Minor tweak to TestHttpServletRequest to support parameters and
servlet path.
* Removed cruft from HttpUtil; no functionality changes.
* WikiBackgroundThread now contains a getEngine() accessor.
2006-07-17 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.21
* RCSFileProvider had a rare concurrency issue with the
SimpleDateFormat. Reported by Bosmon on IRC.
2006-07-17 Erik Bunn <root@d183.fi.basen.net>
* Modularized RenderingManager. By setting
jspwiki.renderingManager.renderer in jspwiki.properties, a custom
WikiRenderer can be specified. Defaults to XHTMLRenderer.
2006-07-13 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.20
* Fixed BugNoMoreThanOneSortableTablePerPage. Thanks to
Juan Pablo Santos Rodriguez!
2006-07-13 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.19
* Added "InternalModule" interface. This is just an empty
interface which a module can declare and not get listed
in SystemInfo, for example. Used internally by JSPWiki.
* Fixed a major issue with page renaming: thanks to an
erroneus context sent downstream, the page which was renamed
from would get random contents.
* Page rename would not change referrers if the breakTitleWithSpaces
option was set on.
2006-07-12 Erik Bunn <Erik.Bunn@basen.net>
* Made ParamTag attribute 'value' non-required; tag body is
acceptable for value. (This should not warrant a version bump.)
2006-07-02 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.18
* BugReportHandler was dutifully adding the "_cmdline" to the
pages it was creating...
* Fixed some quote issues in commonheader.jsp and
PreferencesContent.jsp which were causing issues with
WebSphere. Reported by Robin Tew and Thorsten Nordholm S?birk.
2006-06-28 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.17
* WikiSecurityEvent.toString() would die if you had a null principal...
2006-06-17 Andrew Jaquith <andrew@freshcookies.org>
* 2.4.16
* Bug fix: SessionMonitor.sessions() now returns the same
number of sessions as userPrincipals(). Credit: Terry Steichen.
Also, the array of Principals returned by userPrincipals() is now sorted.
* WikiSession receives lots of Javadoc tweaks and minor
cleanup-oriented fixes (e.g., member visibility changes) that
do not change functionality. The class, and all of its methods, are
now marked final. The setSubject() method, which was not called
anywhere, was removed; it was a potential security risk.
* Ant 'javadoc' task now links to J2EE 1.3 API.
* Added table entry to SystemInfo page to display list of active users.
If you feel this is a privacy risk, remove the line from SystemInfo.
2006-06-23 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.15
* Fixed issue with absolute URLs and ShortURLConstructor (we were
using %U where %u should've been used in ERROR and NONE contexts).
Thanks to jim from IRC for pointing this out.
* Added patch from Brad Johnson to give better error output if
RCSFileProvider fails.
* Added patch from Murray Altheim to support _cmdline in PluginManager.
This allows a plugin to do completely custom parsing.
2006-06-17 Andrew Jaquith <andrew@freshcookies.org>
* 2.4.14
* Enhancement: all background threads now subclass a new class called
WikiBackgroundThread which will gracefully shut themselves down when
they hear a 'wiki shutdown' event. These threads are, at present:
WikiSession.SessionMonitor, PageManager.LockReaper, RSSThread, and
LuceneSearchProvider.LuceneUpdater. These threads are NO LONGER
daemon threads, which means they won't stay in memory when
the wiki webapp is removed.
* Enhancement: Added protected method shutdown() to WikiEngine that is
triggered by WikiServlet catching webapp destroy() events. Shutdown()
fires a WikiEngineEvent called 'shutdown' to all listeners, which at
present includes all WikiBackgroundThreads. New class added:
WikiEngineEvent. To catch container events, WikiServlet was changed in
web.xml to load at startup. This is a dirty hack, but not too dirty.
* Enhancement: Major refactoring of WikiSession to include a background
'monitor' thread that removes expired wiki sessions. This means that
session-count information should be accurate to within a minute
of when your web container expires its sessions. The background thread
is an inner class called SessionMonitor that subclasses WikiBackgroundThread.
WikiSession also gains a method called getUserPrincipals(WikiEngine)
that returns an array of Principals that represents the current
users currently using the wiki.
* Enhancement: SessionsPlugin receives parameter 'property' to specify what
session information should be returned. If set to 'users', plugin
returns the list of current users. If omitted, it returns the number of
active sessions. Thus, [{INSERT SessionsPlugin property=users}]
will actually print the names of current users -- neat!
* Enhancement: Group interface receives a long-awaited members()
method that returns the wiki group's current members as an array
of Principals.
* Enhancement: thread responsible for RSS generation extracted out of
WikEngine and moved to its own RSSThread class.
* Bug fix: to support multi-wiki webapps, WikiSession.getWikiSession's
method signature now includes a parameter for the current WikiEngine.
Check your custom JSPs to see if this affects you (it shouldn't; none of
the default JSPs currently use this method).
* Bug fix: Fixed deprecated methods used in LuceneSearchProvider.
* Bug fix: added sensible session timeout defaults to TestHttpSession
to prevent some tests from failing.
* Minor signature change to GroupManager: commit() now throws WikiException.
* Minor refactoring of WikiEvent class and subclasses to add getType()
method to superclass.
2006-06-05 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.13
* Added EditorManager patch from Chuck Smith. This now allows
fully dynamic editor selection using a drop-down menu in EditContent.jsp
* Added EditorIterator tag from Chuck, too.
* Fixed some IE tab layout issues, thanks to Dirk Fredericx.
2006-06-05 Andrew Jaquith <andrew@freshcookies.org>
* 2.4.12
* Added Hypersonic embedded database for JDBC testing. Enabled
JDBC testing in build.properties to use Hypersonic by default.
Added license file; corrected file extensions of two others.
* Removed database scripts for Mckoi embedded database.
* Added Ant target called 'tests-auth' for JDPA debugging of
AuthorizationManagerTest.
* Minor Javadoc fixes.
2006-05-28 Andrew Jaquith <andrew@freshcookies.org>
* 2.4.11
* WikiSession received minor refactorings to remove the set/getLastContext()
methods. These were used for only one purpose anyhow (WebContainerAuthorizer)
and the net result was that their inclusion was preventing garbage collection
of expired WikiSessions. WikiSession also receives a removeWikiSession()
method, which removes wiki sessions from its internal cache, and is called
during logout.
* Bug fix: WikiSession.sessions() and the related SessionsPlugin now
more accurately reflect the number of current WikiSessions, instead of
continuously incrementing. (Technically, the counter shows the number of
non-GCed sessions.) In the future a "session reaper" would make this even
better.
* Bug fix: Removed divide-by-zero error from SecurityVerifier.
* Bug fix: DefaultGroup and DefaultGroupManager now store their
WikiEventListeners in WeakHashMaps to prevent listener objects
(such as WikiSession) from being reclaimed by GC.
* Bug fix: WikiDocument now stores its reference to WikiContext
as a WeakReference, so that caching operations won't prevent GC
of the WikiContext.
* Bug fix: Corrected text on the default PreferencesContent.jsp
to reflect recent e-mail reset function.
* Bug fix: Fixed listener bug DefaultGroupManager that was preventing
WikiSessions from receiving updated GroupPrincipals when groups
were changed to include new members in certain cases.
* Bug fix: Fixed 'index out of range' error caused by zero-length cookies.
* Bug fix: WebContainerAuthorizer now recognizes roles declared in
web.xml for elements web-app/security-role/role-name, in addition to
those declared for web-app/security-constraint/auth-constraint/role-name.
* Moved hack-ey code that injects web container Role Principals from
AuthenticationManager to WebContainerLoginModule, where it belongs.
* As part of the memory-leak fix, WebContainerAuthorizer no longer
relies on a sneaky call to WikiSession.getLastContext().getHttpRequest()
to test whether a user possesses a particular container role. Instead,
we (only) inspect the user's Subject's Principal set for the desired role.
This means that changes to container's user/role mappings are NOT
reflected until the next time the user logs in.
2006-05-28 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.10
* Atom feeds now validate properly
* RSS and Atom feeds are now served with proper media type
2006-05-20 Andrew Jaquith <andrew@freshcookies.org>
* 2.4.9
* Enhancement: UserDatabase interface includes two new methods:
getWikiNames() for enumerating the users in the current database,
and deleteByLoginName( String ), for removing users. I have implemented
these methods to the concrete classes JDBCUserDatabase and
XMLUserDatabase. Thanks to Frank Fischer for his patches; they
served as the basis for these changes. I have *not* added convenience
methods to UserManager... yet.
* Enhancement: SecurityVerifier includes new code that checks to make
sure the UserDatabase is initialized properly, and that it can add
and delete users correctly. Also, admin/SecurityConfig.jsp includes
a new section ('UserDatabase') where results of the checks are displayed.
* Minor tweaks to the database setup scripts to include update/delete
privileges for the roles table.
* Minor tweak to web unit tests to account for cleared cookies at logout.
2006-05-20 Andrew Jaquith <andrew@freshcookies.org>
* 2.4.8
* Enhancement: AuthenticationManager now injects role Principals
at login time from the external authorizer into our WikiSession's
subject. This works with all Authorizers, including (of course)
WebContainerAuthorizer. This enables grants to Principals of
type com.ecyrd.jspwiki.auth.authorize.Role to be specified in
the Java security policy. In particular, this means that policy
files can be broadened to include container roles.
WebContainerAuthorizer received a new method to accomodate this.
* Enhancement: Added grant block in jspwiki for administrator groups
principal com.ecyrd.jspwiki.auth.GroupPrincipal "Admin" (wiki group)
and principal com.ecyrd.jspwiki.auth.authorize.Role "Admin" (container
role). Added new wiki page to distribution, GroupAdmin.txt with an
empty (disabled) membership, which makes the administrator group
secure by default. We expect that a future enhancement to Install.jsp
will overwrite the contents of this file, thus "enabling" the admin group.
* Bug fix: Uploaded JDK1.4-compatible version of freshcookies-security.jar.
* Bug fix: Fixed error in jspwiki.policy.
* Bug fix: Changed WikiEvent so that its toString() method does not
leak credentials.
* Bug fix: Logout.jsp now removes "asserted" identity cookies.
This is arguably less confusing to users.
* Bug fix: Removed SecurityConfig.jsp from web.xml constraint (for now).
* Removed spurious import in AuthorizationManager.
* Massive refactoring and huge improvements to SecurityVerifier and
admin/SecurityConfig.jsp. Janne, it should even for you now. :)
* AllPermissionCollection now accepts WikiPermission and PagePermission
types in its add() method. The newPermissionCollection() method for
WikiPermission and PagePermission returns a new AllPermissionCollection().
2006-05-09 Dan Frankowski
* 2.4.7
* Fixed SearchBox "edit" bug when
jspwiki.urlConstructor=ShortURLConstructor
* Add a link on the attachment page back to the original page
2006-05-09 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.6
* Fixed NPE in ReferenceManager.pageRemoved (thanks
to JMarquart).
* ShortURLConstructor did not have PREVIEW context
available; thanks to Malte Kiesel for the fix.
* Added quick fix from Dan Frankowski to generate
JDOM javadoc links.
* Plain URIs in text are now parsed properly and no longer
cut at the first "=" sign.
* NewGroup.jsp would occasionally throw NPEs if the context
was null - fixed by ICantRememberWhoAnymoreBecauseILostTheEmail.
Thanks anyway!
2006-05-07 Andrew Jaquith <andrew@freshcookies.org>
* 2.4.5
* Added a new JSP for verifying JSPWiki's security
configuartion, admin/SecurityConfig.jsp. This JSP
collaborates with a new class, c.e.j.auth.SecurityVerifier.
SecurityConfig will verify the presence or absence of
the JAAS login config file, the security policy file,
and container-managed auth constraints. It will also
validate that the correct JAAS login configations exist,
and will print a summary table showing the privileges
that apply to each role. Much needed, and should
help folks get their security working.
* To support the security verifier, small (non-public)
changes were made to WebContainerAuthorizer. This class
also gains a new public method isConstrained(String, Principal).
* Bug fix: AuthenticationManager's method of finding
its JAAS and security policy files changed so that
full (absolute) patchs are discovered, rather than
local (JNDI) paths.
* Bug fix: small change to default security policy file
jspwiki.policy. It now includes commas between the
codebase and principal entries, as it should have.
* Added a small third-party utility jar (my own)
for parsing security policy files.
2006-05-06 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.4
* Added activation.jar and mail.jar to the distribution
* AuthenticationManager now complains if it cannot
locate the JAAS LoginManager information, instead of
failing with NPE.
* PagePermission.hashCode() no longer fails with NPE
if wiki is not set (normally, though, you would never
need it, but there are certain cases where this might
occur).
* Added a great patch from Dan Frankowski which allows
recovery of forgotten passwords! Please see your
jspwiki.properties for new SMTP options.
* Added search results filtering based on permissions,
i.e. you no longer see pages to which you have no
access to. Requested by many people.
* Login button is now on its own line instead of being
hidden in the right corner. Helps those people who
like to "hunt and click" on the mouse.
2006-05-01 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.3
* Added fix from Rolf Schumacher: no longer outputs
password to the log file in Tomcat. Oops.
* Fixed a failing unit test
* atom.jsp is now gone; please use "rss.jsp?type=atom"
* Fixed SearchBox.jsp issue reported by Dirk Fredericx.
* FeedDiscoveryTag should now offer Atom 1.0 feeds.
* WeblogPlugin no longer considers empty comment pages
as "1 comment".
2006-04-30 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.2
* Page Renamer did not write the author name properly to
any pages that were changed due to referrers changing.
* Page Renamer would accidentally do double-encoding of
XHTML entities... Yes, there's a difference between
getText() and getPureText(). Thanks to suomigo.net
community for finding this one out.
* WikiEngine.renamePage() API signature was changed
because of this... It now takes a WikiContext as well.
* Login.jsp did not write proper content encoding.
2006-04-26 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.1
* Updated README.
* Split old stuff from ChangeLog to OldChangeLog
* Added missing SearchPageHelp
* PageActions.jsp now checks if login is allowed
* Install.jsp now sets "jspwiki.security=container" to make
first-time installs easier.
* AuthorizationManager returns now "false", if security is
set to container and you ask for login permissions. This
drops the "Login" button from the display, if JSPWiki is
not managing authentication, fixing an annoyance.
2006-04-25 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.4.0
* SearchResultsIterator now can start from a given place
* You can now see all of the search results - just click on
"next 20 results".
* Included patch from Dan Frankowski to support returning
of search fragments. Thanks!
* Upgraded to Lucene 1.9.1
* Removed slash from allowed characters in wikipage - that would
create pages that were impossible to link to. Oops! It must've
been some debug code left in...
* LinkTag now removes extra whitespace from link text; this allows
you to use multi-line <wiki:Param> tags without the text becoming
too unwieldy...
* Search now also supports Google-like "are you feeling lucky"
-functionality. Just click on "Go!" in the search page.
* Search help is now on a page called "SearchPageHelp".
* Added support for left-to-right and right-to-left markup with
the %%ltr and %%rtl default styles. You can copy them from the
"jspwiki.css" file.
* Minor cleanups to build.xml.
* CheckLockTag would get confused if two people were trying to
create a non-existent page at the same time. Reported by
Mark Rawlings.
2006-04-20 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.104
* Tiny beautification: the attachment URLs no longer have %2F
but a slash. Reported by Mikkel Troest.
* LockReaper and RSSThread actually start now; we were calling the
setDaemon() in a wrong place. Reported by Mikkel Troest.
* Removed a dumb auth statement from SandBox. Thanks to
Murray Altheim.
2006-04-19 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.103
* Great URL mixup fix: we're now using %20 to encode spaces
instead of "+". This is because of
http://issues.apache.org/bugzilla/show_bug.cgi?id=39278.
In addition, we're moving away from using TextUtil.urlEncode().
This fix should by the way also fix plenty of issues with
non-latin1 page names.
* All JSPWiki daemon threads are now, well, official daemon
threads, so they should not hold up any exit. This should fix
an issue with Tomcat not quitting properly.
* When login failed, you would get the URLEncoded page name
instead of plain text.
* If the java.security.policy is already set, makes a sanity
check and tries to find also the keystore file in the same directory.
If it's not there, prints out a warning to the log. Otherwise,
there's no way to know about this: Java itself won't mention
this at all - it would just fail silently when instantiating
permissions. Boo hiss!
2006-04-17 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.102
* DavServlet was not properly reading UTF-8 file names
* CachingProvider was calling cancelUpdate() accidentally
when it wasn't supposed to.
* BreadCrumbsTag default icon is now "," instead of ">", since
it was not a) proper XHTML, and b) it was confusing people.
Reported by Dirk Fredericx et al.
* DefaultURLConstructor was still assuming all URIs are in
Latin1 instead of relying on the request encoding. This would
cause problems with non-Latin1 page names (even when using UTF-8).
Reported and fixed by Mikkel Troest.
* 2.3.101
* Upgraded to OSCache 2.3.1 to fix some issues with stability
* VariableManager is now slightly faster.
* VariableManager no longer outputs HTML (due to the new
rendering system which thinks that HTML is dangerous).
* WebContainerAuthorizer is now a bit more verbose if
there is no internet connection and it cannot find local
DTDs. It also throws a InternalWikiExcepton instead of
a generic RuntimeException or a NullPointerException...
* I don't know why, but SpamFilter.Host was a public class;
made it private for now...
* JSPWikiMarkupParser now caches the outlink image, and
does not generate it new each time. This gives us roughly
a 2% saving on each rendering... Oh, the things you
learn when you run a profiler against your app!
* Added plenty'o'javadocs to parser/rendering routines.
* Tiny cleanups and tweaks all around; mostly concerning
allocating proper size StringBuffers to avoid resizing
overhead.
* CachingAttachmentProvider no longer outputs HTML when
asked about the cache size.
* CachingProvider would fail to call Cache.cancelUpdate()
in some certain rare conditions. Over time on a busy wiki
they would accumulate and hang all the HTTP responder
threads.
* VersioningFileProvider was a bit relaxed about closing
streams in error situations. Now handles them properly.
* RenderingManager cleaned up a lot; new parameter
jspwiki.renderingManager.capacity added. Also the
renderingManager.useCache is now gone; set the capacity
to zero to turn off caching.
* WikiServletFilter is now a bit more tolerant towards
Exceptions - it actually restores the NDC now...
* Rename.jsp had an extraneous encodeName(), causing
page rename failing if it was renamed to anything outside
the ASCII range. Fix contributed by Mikkel Troest.
* TestHttpServletRequest now implements the required
extra methods for the newest servlet API, so it can be
compiled in newer environments.
2006-04-13 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.100
* Fixed BugOptimizeFileUtil.copyContents. FileUtil ops
are now way faster. Thanks to Kees Kuip!
* Typo fixed in BasicSearchProvider; thanks to Chuck Smith.
2006-04-12 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.99
* Variables in plugin parameters and body are now expanded.
e.g. [{SamplePlugin text='{$jspwiki.baseurl}'}]
* Added missing accessKey parameter to LinkTag. Reported
by Dirk Fredericx.
2006-04-10 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.98
* Killed extra <param> tag definition from jspwiki.tld; it was
there twice.
* AuthorizationManager.resolvePrincipal() no longer dies if JAAS
is not in use and someone still tries to set an Acl.
* WikiSecurityEvent now uses Jakarta Lang ArrayUtils. Hooray
for code reuse!
* SpamFilter rewritten so that it can use the usual format of
a blacklist; default is to use SpamFilterWordList/blacklist.txt,
but you can control it with a filter parameter "blacklist".
* Both CachingAttachmentProvider and CachingProvider had issues
in case the underlying provider would fail, and might hang.
* LinkTag was not properly parsing the Param tag in case you just
specified a context.
* Fixed a huge bunch of Javascript and CSS issues from Dirk
Fredericx. Fixes BugV2.3.90SomeJavascriptBugfixes.
* InfoContent.jsp was behaving erratically with attachments;
e.g. the version history was missing altogether. Thanks to DF!
2006-04-10 Erik Bunn <Erik.Bunn@basen.net>
* 2.3.97
* Fixed PageRenamer.renamePage(): pages referring to renamed page
are now looked up before that information is destroyed. Makes
updating referring pages much easier.
2006-04-09 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.96
* Split the wikipages to corepages and documentation. We
now generate two zip files into the binary distro:
JSPWiki-doc.zip, which contains all the javadocs, plain-text
documentation and documentation-related wikipages, and
JSPWiki-corepages.zip, which contains the pages which are
necessary for JSPWiki to run. This should make it easier
for people to get going. The file which determines which
pages belong to the "corepages" set is under src/webdocs/.corepages
* Added patch from Mikkel Troest to fix an attachment delete issue.
* Added patch from Lars Orta to create a HTML report for all
JUnit tests.
2006-04-05 Erik Bunn <Erik.Bunn@basen.net>
* 2.3.95
* Added missing call to super.initTag in LinkTag.initTag
* 2.3.94
* Added initTag() to all tags extending WikiTagBase, and
release() to all extending regular tag support classes.
(Switched release() to initTag() in WikiLinkTag, accordingly.)
* Added release() to WikiLinkTag to clear page etc. from cached
tags. This caused the wrong page name to be used in certain uses
of LinkTag.
2006-04-03 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.93
* RenderingManager would hang if rendering would fail. This
might explain some hangs.
* With relation to the above: JSPWikiMarkupParser is now protected
against lines which are too long (the PushBackReader would
overflow). Interestingly, this and the above bug were exposed
by a spammer advertising mobile ringtones with a really, really,
really long line and lots of links.
* Added "jspwiki.security" to turn off jspwiki security model.
Allowed values are "jaas" (default) to use built-in JAAS security
model, or "container" to use the old 2.2 model. Please note
that using "container" does not yet disable any UI functionality.
2006-04-02 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.92
* Fixed BIG issue with LinkTag: it did not clean its parameters
properly in case it was pooled. Added initTag() method to
WikiTagBase. Reported by Terry Steichen; found by Frank Fischer.
2006-03-29 Andrew Jaquith <andrew@freshcookies.org>
* 2.3.91
* Enhancement: Added a new PagePermission target "update" that
serves as a shorthand for "edit the text on the page" AND
"upload files". The "edit" target, meanwhile, has been changed
to mean ONLY "edit the text on the page." The default policy file
now states that anonymous and asserted users can edit all pages
(but they cannot upload files). Authenticated users can, by default,
modify all pages (i.e., edit AND upload).
* Bugfix: Fixed PolicyLoader so that there are no import dependencies on
private Sun classes for PolicyFile and Configuration (JAAS). Instead,
we read the appropriate security provider properties from the JVM and
instantiate the classes using Class.forName().newInstance. This is MUCH
cleaner and portable, and it *should* enable JSPWiki to work on WebSphere,
Resin and other containers that use non-Sun JDKs, JAAS configuration
implementations or J2SE PolicyFile implementations. As fixes go,
this is a good'un. If you have been having trouble making JSPWiki work
on combinations other than Sun JDK + Tomcat, you should give this
version a try.
* BugFix: Added a new PermissionCollection implementation that
fixes a subtle corner-case bug with the security policy file.
If only the JSPWiki AllPermission was granted to a particular group
(i.e., the grant block did not specify any other permissions), the
implied WikiPermissions and PagePermissions were NOT inferred as
they should have been.
* Bugfix: Found and killed an NPE in TextUtil that was causing NewGroups.jsp
to fail.
* Minor changes to test security policy file.
2006-03-22 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.90
* Fixes BugTemplateManagerRESOURCESTYLESHEETNok
* Adds a new resource request type RESOURCE_INLINECSS at
the request of Dirk Fredericx.
* Added the necessary include to INLINECSS to commonheader.jsp
* WikiEngine.getViewURL() is now null-protected. Some
templates were actually using it, but code wasn't working
as expected.
* Added patch from Kalle Kivimaa to flush the referring
rendered pages if page started to exist.
* Tabs for UserPreferences did not work due to a slight
mistake in previous patch...
2006-03-22 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.89
* Bug fix: in certain cases DefaultURLConstructor would get
a null name and have a seizure. Thanks to Terry Steichen.
* Incorporated patch from Chuck Smith to support multiple
editors.
* Bug fix: BugDefaultTemplateViolatesJSPSpecification.
2006-03-20 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.88
* Previews are now fixed. We no longer use pageContext.forward()
but we send an honest, hardworking redirect (and store the
edited text in the session).
* Ditto for PageModified.
2006-03-16 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.87
* Bug fix: XmlUserDatabase would default to the distro
user database in /WEB-INF/ if the user-set database was not
found. However, this made it practically impossible to
bootstrap a new user database, as you needed to create the
file by hand...
* Bug fix: Page attributes were not available, if the page
data was saved by ReferenceManager. Now ReferenceManager
also caches the page data under $workDir. This should
resolve quite a few problems relating to user groups
not being valid until they are modified, etc.
* Made the ACCESS_DENIED event an INFO level event, simply
because my mailbox started to fill with JSPWiki ACCESS_DENIED
events (they are generated in a bit too chatty fashion).
* DefaultURLConstructor now gets Delete.jsp as well
* Mucked about in InfoContent.jsp to fix a problem with
it actually sending the wrong context... Credit to
Terry Steichen.
2006-03-07 Erik Bunn <Erik.Bunn@basen.net>
* src/webdocs/templates/default/InfoContent.jsp: Moved delete
forms into single td blocks. Fixes weird rendering problem
that sometimes caused delete tr to be invisible in firefox.
2006-02-23 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.86
* Removed HttpUtil.getBaseURL(). It just did not work,
and was causing major pains with people. However:
* Got rid of <wiki:BaseURL/> from the default template. Now,
if you specify jspwiki.referenceStyle=relative, you should
be getting relative URLs everywhere, if possible. This was
a major change, so there might still be bugs related to this.
To be precise, you are likely to get absolute paths, but
with no hostname (this depends on your URLConstructor).
* LinkTag gained a new parameter: templatefile (which is a
shortcut to point at a file in the current template)
* Added missing Param tag in the jspwiki.tld
* Bug fix: Attachments would generate an illegal id for
headings. Removed the "/" and replaced it with "_".
* Deprecated RSSCoffeeCupImageTag. No point in coding for
a single platform. It will be removed in 2.6...
* Added a new RSS feed icon.
* Fixed problem with LinkTag forgetting to close anchor
(reported by many people, sorry I totally missed this).
2006-02-28 Andrew Jaquith <andrew@freshcookies.org>
* 2.3.85
* Added an informational logging message to PolicyLoader
that makes it clear when JSPWiki can't install its security
policy because another one is already in use.
Credit: Terry Steichen
* Bug fix: PermissionTag didn't recognize the new root-like
AllPermission. It now accepts it as an argument to the
"permission" attribute (the first letter is lowercase). Thus,
<wiki:Permission permission="allPermission"> will evaluate
the tag body if the current user posseses AllPermission for
the wiki; if not, the contents will be skipped.
Credit: Terry Steichen
2006-02-26 Andrew Jaquith <andrew@freshcookies.org>
* 2.3.84
* Cosmetic: added NewGroup.jsp and Login.jsp as "special page"
references in jspwiki.properties. This prevents these pages
from displaying the name "Main" at odd times.
* Bug fix: eliminated that annoying "User 'null' has started
editing this page...." bug. Embarassingly dumb error.
* Bug fix: in WikiSession class, wrapped cached WikiSessions
with WeakRefererences to allow garbage collection when user's
HttpSession expires.
* Enhancement: added a static method sessions() to WikiSession
that counts the number of active wiki sessions. Added a
simple wiki plugin, SessionsPlugin, that returns the same.
Slight re-organization of WikiSession (static methods now
at bottom). Sample usage:
There are [{INSERT SessionsPlugin}] active wiki sessions
2006-02-25 Andrew Jaquith <andrew@freshcookies.org>
* 2.3.83
* The jspwiki.policy file now includes a sample 'Admin' group
that demonstrates how to grant administrative privileges
(AllPermission). It is *not* enabled by default.
* Bug fix: Authenticated users belonging to wiki groups were
erroneously seeing the group name, not their full names, added
as authors to comments and pages. WikiSession was not checking
for GroupPrincipals in several places. This has been fixed.
Credit: Janne Jalkanen
* Bug fix: Group principals are now only injected if a user
has successfully authenticated.
* Enhancement: build.properties and jspwiki.properties now
support configuration of a log4j-based security log. The
default name is security.log. Use it to view error conditions
or more detailed trace information about login/logout events,
authorization decisions and more. To provide this capability,
WikiSecurityEvent constructors were modified to add log entries
to the Log4J Logger "SecurityLog".
* AuthenticationManager and AuthorizationManager gain support
for wiki security events: login/logout, and access granted/denied,
respectively. These classes also were lightly re-organized;
the classes themselves, and all of their methods, were made final.
* All add/removeWikiEventListener() methods, in all classes,
are now synchronized.
* Due to the addition of logout events to WikiSecurityEvent,
the method AuthenticationManager.logout() is no longer static.
As a result, Logout.jsp changed slightly.
2006-02-23 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.82
* BreadcrumbsTag.doWikiStartTag() is no longer final.
I don't understand why it was final in the first place...
* Tiny refactoring: moved Event routines to a
new com.ecyrd.jspwiki.event package. No functionality
changes today.
2006-02-21 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.81
* Bug fix: BugPreformattedTextDoesntWorkAnyMore
* Bug fix: BugPleaseMakePaperclipPicsConfigurableJustLikeOutlinks by
making the "jspwiki.translatorReader.useAttachmentImage" available.
Set to "false" to turn paperclip images disappear.
* Bug fix: page deletion would screw up Refmgr internal databases,
and not serialize on disk.
* Bug fix: BugTableOfContentsCausesHeapdump
* Bug fix: BugTimingErrorInVersioningFileProvider.getPageProviderString
(Thanks to BobKerns!)
* Tinkered around a bit more with RefMgr, hoping to fix these
"disappearing references" -issues.
* Bug fix: BugStrangePageNameLogic (Fixed by changing
MarkupParser.cleanLink() to a far more efficient version. It's a whole
lotta faster, too.)
* Bug fix: If the local entity resolver cannot resolve the entities,
it now reverts to default operation (instead of dying with an NPE).
* Added a bunch of Javascript issues from Dirk Fredericx. Thanks, man!
2006-02-21 Andrew Jaquith <andrew@freshcookies.org>
* 2.3.80
* Bug fix: Granting default permissions to wiki groups in the jspwiki.policy
security policy file is now supported. To do this, AuthenticationManager
injects 'GroupPrincipal' tokens into the wiki session's Subject at
login time. GroupPrincipals are also dynamically injected into the
appropriate sessions when groups are created or changed -- this means
that users do not need to log out in order to see the effect of group
membership changes on default policies. This is a rather clever bit of
programming if I do say so myself.
* Enhancement/API change: to support dynamic GroupPrincipal injection,
the core jspwiki package receives a new top-level class WikiEvent,
a subclass auth.WikiSecurityEvent, and a listener class
WikiEventListener. GroupManager and the Group interface gain a new
method to register listeners (addWikiEventListener()), and a
corresponding method for removal (removeWikiEventListener()).
DefaultGroupManager and DefaultGroup fire security events to these
listeners whenever wiki groups are added, changed or deleted.
* Enhancement: the JSPWiki security policy now supports permission grants
to wiki group principals (GroupPrincipal). In addition, a new Permission class,
auth.permissions.AllPermission, grants administrative rights to specific wikis
(or all, with the wildcard). The combination of these two enhancements means
that wiki groups can now possess administrative rights. See the security policy
for a sample grant block.
* Deprecation: the built-in Role.ADMIN enum has been eliminated. Use
com.ecyrd.jspwiki.auth.GroupPrincipal in jspwiki.properties instead.
* Deprecation: the jspwiki.properties property 'jspwiki.admin.user' is
now irrelevant because all administrative grants are handled exclusively
via the policy file.
* Bug fix: added a "local entity resolver" to WebContainerAuthorizer
to prevent the need to call out to the network for the webapp 2.3 DTD
when parsing web.xml. Also, refactored the parsing logic to use the JDom
SAX parser (and XPath) instead of JAXP. Added new directory etc/dtd;
this is copied to tests/etc/WEB-INF at test-time, and also into the WAR.
Credit: Marc Patteet
* Bug fix: patched WikiSession to treat null messages as empty strings.
Credit: Dan Frankowski.
* Build.xml now uses its own security policy file for testing rather than
the production version in etc. The build file also copies the webapp 2.3
DTD to the WAR.
2006-02-21 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.79. Moved to new apartment, now back on coding
track...
* WikiEngine.deletePage() is now protected against trying to
delete pages that don't exist.
* FileSystemProvider did not delete associated metadata files
during deletePage().
* ReferenceManagerTest is now a lot more careful about not leaving
a corrupted refmgr.ser file behind. Unfortunately, this exposed
a consistent bug somewhere...
* Some tests tweaks and iterations.
2006-02-12 Andrew Jaquith <andrew@freshcookies.org>
* 2.3.78
* Pulled JSP scriptlet code that stashes WikiContexts into
into the WikiContext method hasAccess().
* Bug fix: added "temporary" fix to WikiContext.hasAccess()
to redirect users to the login page, rather than send a
"forbidden" error, for authenticated users failing to access a
page. This resolves a case where access to pages fail "open" due to
WikiServletFilter's response wrapping.
* Bug fix: modified the way WikiSession.getUserPrincipal()
parses Principal objects that was causing this method to
return either "full name" or "wiki name" principals,
seemingly randomly. The method is now guaranteed to return
a "full name" principal for users who have logged in.
2006-02-09 Erik Bunn <Erik.Bunn@basen.net>
* 2.3.77
* Added option jspwiki.renderingManager.useCache to properties;
set to false to prevent RenderingManager from caching DOM trees.
2006-02-04 Andrew Jaquith <andrew@freshcookies.org>
* 2.3.76
* Bug fix: changed behavior of AuthorizationManager
to prevent privilege escalation with Asserted users.
The method AuthorizationManager.hasRoleOrPrincipal() now
ALWAYS returns false when the user isn't authenticated, AND
the principal/role being queried isn't a built-in role like
Anonymous, Asserted etc. Thus, to gain access to pages that
name a specific user, that user is now REQUIRED to log in.
Ditto for groups he or she belongs to. The exception is
for ACLs that contain built-in roles; e.g., "allow Asserted
users to view" is allowed. Adjusted several unit tests
and created a new web unit test to verify.
NOTE: a consequence of this change is that ALCs that
specify "ALLOW Guest" **will not work** any longer (because
Guest is a principal, not a built-in role). Please use
"ALLOW Anonymous" instead.
* Bug fix: build.xml's web unit tests were not guaranteeing
use of XMLUserDatabase for non-JDBC tests. If built with
a jspwiki.properties.tmpl that specified the JDBC database,
this caused certain web unit tests to fail. We now force
the user database implementation for all web unit tests.
* Bug fix: Ebu's 2.3.75 fix had the undesirable side
effect of hosing all relative URLs (while fixing all of
the absolute ones). WikiContext has been reverted to
its previous state. The real culprit turns out to
be in DefaultURLConstructor.doReplacement(). We have
added a web unit test suite to test for absolute URLs,
and also for relative URLs (these are manipulated in
jspwiki.properties prior to deployment of the test WARs).
* WebContainerAuthorizer now throws a RuntimeException
if it cannot somehow parse the web.xml. This isn't ideal,
but it's better than ignoring the error. Credit: J?rgen Weber.
* Removed unused imports and unreferenced objects in
multiple classes. This does not affect functionality.
* Removed obsolete "useOldAuth" refs from test
jspwiki.properties.
* Many Javadoc tweaks and additional comments.
2006-02-02 Erik Bunn <Erik.Bunn@basen.net>
* 2.3.75
* Fixed WikiContext.getURL(...) test for absolute reference style.
2006-01-29 Andrew Jaquith <andrew@freshcookies.org>
* 2.3.74
* Web unit test scripts gain 3 more tests, which verify that
JSPWiki users can 1) create new pages (no ACL), 2) create new pages
with unrestricted view permissions and 3) create new
pages with restricted view permissions.
* Slightly tweaked WikiContext to make hasAccess() more
flexible; redirection-on-failure can optionally be turned
off. Removed WikiContext.REGISTER; it is obsolete. Also,
removed WikiPermission.REGISTER target; please use EDIT_PROFILE
instead.
* WikiServletFilter now takes responsibility for setting
Log4J NDC logging contexts. It also now takes care of WikiSession
message cleanup. All top-level JSPs changed (very) slightly,
and are simpler, as a result.
* Bug fix: CommentContent.jsp now defaults to the "Add Comment"
tab. Credit: Dirk Frederickx.
* Bug fix: quick2Top and quick2Bottom markers no longer have
an annoying underline. Credit: Dirk Frederickx.
* Bug fix: inlined images were not being displayed due to the
attachment not being considered in PagePermission.implies().
We now discard the attachment name completely when constructing
PagePermissions, which means that a page's permissions now
ALWAYS imply the same permission on its attachments, and vice-versa.
* Bug fix: LoginContent's error message now correctly displays
a "you don't have access to page __(foo)__" if the user
needs to log in.
* Bug fix: test version of userdatabase.xml modified to include
dummy created/lastModified timestamps. The lack thereof was
creating scary (but entirely harmless) messages in jspwiki.log.
* Bug fix: added WikiPermission "*", "login" to jspwiki.policy.
It should have been there previously...
* Bug fix: changed WikiServletFilterMappings to explicitly
list URL patterns, rather than the wildcard (/*). This fixes
the infamous "disappearing images" problem with Tomcat 4.1.
Also removed Register.jsp as protected resource, since it
vanished a long time ago anyhow.
2006-01-23 Erik Bunn <Erik.Bunn@basen.net>
* 2.3.73
* Added ParamTag (provide name-value pairs to enclosing
ParamHandler tag) and ParamHandler (capability to accept
contained name-value pairs).
* Modified LinkTag to implement ParamHandler and accept
body content. The purpose is to support linking to custom
JSPs with any parameters.
2006-01-22 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.72
* Changed WikiContext.checkAccess() to return a boolean, so
that JSP pages can actually check whether they should return
from processing or not. This should fix a number of strange
bugs.
* Renamed WikiContext.checkAccess() to WikiContext.hasAccess()
to reflect its new role.
* Added TabTag and TabbedSectionTag, which cleaned up the default
templates *enormously*. Thanks heaps to Dirk Fredericx!
* Added some extra safeties to URL Constructors to make sure the
proper encoding is being used in UTF-8.
* The Ant war-task did not properly place jspwiki.jks in the
WAR file, causing problems if the keystore was somewhere else
than in the default location.
2006-01-16 Andrew Jaquith <andrew@freshcookies.org>
* 2.3.71
* Weblogentry-related CSS are now less fugly.
2006-01-14 Janne Jalkanen <jalkanen@ecyrd.com>
* DefaultPermissions.txt is now gone. Thanks to Frank Fischer.
2006-01-13 Andrew Jaquith <andrew@freshcookies.org>
* 2.3.70
* Tweaks to web unit tests to make auto-deploy scripts
work with Tomcat 4.1.
* Bug fix: XMLUserDatbase was dying horribly in
certain cases with WAR deployments.
* Added more 'create wiki group' unit tests
2006-01-11 Andrew Jaquith <andrew@freshcookies.org>
* 2.3.69
* Minor tweaks to web unit tests; they now use the same
test user and password as the unit tests. Small adjiustments
to JDBC setup scripts to inject test users into database
at setup time.
* Added 'create wiki group' web unit test
2006-01-10 Andrew Jaquith <andrew@freshcookies.org>
* 2.3.68
* We now have basic web unit tests, courtesy of the integration
of JWebUnit into build.xml and tests/etc/webtests.xml.
Four jars were added to the 'lib' dir for testing. Web unit
testing simulates a browser's experience and verifies that
the following test cases run properly:
- Anonymous viewing (Main and About pages)
- Setting asserted name via cookies
- Creating user profiles
- Logging in to JSPWiki using a password
Four combinations are explicitly tested: custom and container
authentication, each of these with both the XML and JDBC user
database types. Note to developers: the Ant task
"webtests" should be part of your test plan. Learn, love
and embrace JWebUnit. It's easy to express test cases
with it, and we will (no doubt) be creating more test cases
as we go... see examples in package com.ecyrd.jspwiki.web.
* Rules for accessing UserPreferences in container-mananged
environments have been relaxed significantly: users do not
have to be logged in to edit preferences or their profiles.
Instead, unauthenticated users attempting to create a profile
receive a polite error message directing them to log in first.
If the container shares user data with JSPWiki, the profile
will be saved, and the user will as a result be registered
with the container.
* UserDatabase interface receives one new method:
isSharedWithContainer(), to permit JSPWiki to serve
as a web container user registrar (see previous bullet).
Also, jspwiki.properties receives a new property:
jspwiki.userdatabase.isSharedWithContainer
which defaults to false. Only JDBCUserDatabase uses it now.
* UserCheckTag gains an extra status type: "setPassword"
which identifies whether users are allowed to change their
JSPWiki passwords. For custom-auth configurations and
container-auth configurations with shared user databases,
this will be true. For most container auth scenarios (i.e.,
where user data is not shared), this will be false.
* WikiPermission receives a new permission type, "editProfile"
that is better aligned with the streamlined profile pages
introduced in 2.3.48; "registerUser" is officially deprecated
and will be completely eliminated in a future build. To
register users, you MUST add the "editProfile" permission
for each required Role, otherwise the profile tab will be blank.
I am sorry about this -- but I promise this will absolutely be
the last change we make to the policy grammar prior to
official release. See the sample jspwiki.properties.
* Bug fix: UserDatabase contract now specifies that setting
created/modified timestamps is now the responsibility of
the implementation, and is no longer done by UserManager.
* Bug fix: email field on profile form now obeys the docs:
is is now, in fact, optional, and won't prevent profile
saving if omitted.
* Bug fix: PreferencesContent's tab highlighting works better,
if not perfectly. Credit: Dirk Frederickx.
* Bug fix: etc/db was erroneously (if harmlessly) being
included in WAR builds.
* JBoss login-config.xml JAAS sample snippet appended to
jspwiki.jaas. Credit: Milt Taylor.
2006-01-10 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.67
* XHTMLToWikiTranslator now supports <strong> and <em>
* XHTMLToWikiTranslator now supports different URL Constructors
(which makes FCK run again)
* Fix for BugRSSHasInvalidDccreatorProperty (well, not really
a fix, but it should play nicer with aggregators).
* Refactored XHTMLToWikiTranslator tests - they were actually
not working at all... Shame on me for not noticing earlier.
2006-01-07 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.66
* WikiEngine now checks whether a page has changed before
committing it. This should help reduce all the empty changes
that people do when they just click "save" in panic.
* InputValidator now accepts email addresses of the form
"firstname.lastname@something" and "name+extension@something".
* Added a tiny sanity check in WikiServletFilter
* Added EditFindReplaceHelp which was missing...
2006-01-05 Andrew Jaquith <andrew@freshcookies.org>
* 2.3.65
* Bug fix: XMLUserDatabase now commits using proper UTF-8.
It was not doing so previously, in spite of an XML header that
suggested otherwise.
* Bug fix: InputValidator's validate() was rejecting
null or blank strings as invalid. This is incorrect
behavior, and these values now validate. Note that the
validateNotNull() method should be used if checking for
blank/null strings is required.
* JDBCUserDatabase gets basic support for inserting
an "initial role" row into a admin-defined roles table.
This is designed to enable JSPWiki to serve as an
enrollment mechanism for container-managed users, in
those cases where the container and JSPWiki share
user information. A future set of commits will include
adjustments to WikiPermission, UserManager and
UserPreferences to support the UI aspects of container
enrollment functionality. We do *not* envison broader
role management capabilities for JDBCUserDatabase,
other than just this initial role row insert support.
2006-01-02 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.64
* Fixed a relatively serious bug which was caused by
FormSet doing a very selective remove() on its parameters;
this was relying on the fact that the FormSet parameters
are not stored (which was true on the old TranslatorReader).
The new RenderingManager stores the parsed parameter arrays,
which means that plugins Shall Not Modify their parameters,
or risk getting the same data back again the next time.
(However, if the page data expires, then you shall get the
original parameters.) I am not sure whether this is good
behaviour...
In effect, this fixes problems with jspwiki.org bug reporting
system.
2006-01-01 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.63
* Fixed a number of failing tests (table and refmgr)
* Fixed table of contents generating faulty section
references for percent-encoded headings.
2005-12-30 Erik Bunn <ebu@memecry.net>
* 2.3.62
* Modified AttachmentServlet, LinkTag, InfoContent.jsp to fix
attachment revision upload bug.
2005-12-21 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.61
* Quick fix from Dirk: table sorting works again.
* Favourites menu looks a bit better now.
* Added link to the Favourites menu in the UserPreferences.
* Bug fix: trying to upload a new revision of an attachment
resulted in a broken directory structure. This is still
buggy, you can't upload a new revision of a file.
* Did some tweaking of the jspwiki.css to make it a bit
more accessible (the link underlines are back, and you
can now actually read the titles, if you made the array
sortable).
2005-12-20 Erik Bunn <Erik.Bunn@basen.net>
* Modified jspwiki-common.js: overriding Array prototype
potentially breaks 3rd party scripts using arrays as maps.
Use ExtArray, instead.
2005-12-19 Andrew Jaquith <arjaquith@mindspring.com>
* 2.3.60 aka the "Neat and Tidy" release
* Complete, radical overhaul of the standard CSS jspwiki.css.
It is organized (!) and significantly trimmed back from its
former sprawling self. Note the new <div> classes "error"
"information" and "warning". These have been substituted into
one-timer classes like "versionnote". The styles, overall,
have had most of the rough edges rubbed out... not perfect
but it's a start -- not all of Dirk's recommendations made
it in.
* Tweaked PageActions by substituting page up/down icons for
webdings. Also, comment permissions are checked instead
of assuming edit (credit: Benedikt Rausch).
* Adjusted table generation routines in JSPWikiMarkupParser
and ListLocksPlugin to inject class="odd" attributes
into generated table rows. LLP also gives tables
the style "wikitable" and now emits XHTML-compliant markup.
* Added attribute "div" to <wiki:Messages> tag to allow
messages to be neatly wrapped. Default class is "information".
This required minor tweaks to several JSPs.
* Turned LeftMenuFooter into a blank page, which makes the left
menu area nicer and cleaner. The default did nothing but display
referring pages, which we already know how to do via the
PageContent tabs. Less clutter, mo' better!
* LeftMenu.jsp and LeftMenuFooter.jsp are laid to rest, with honors.
* Commented out the <resource-ref> in web.xml for jdbc/UserDatabase;
it isn't on by default anyway, and it was causing JBoss to emit
a harmless (but annoying) error messages (credit: Milt Taylor).
2005-12-19 Erik Bunn <ebu@basen.net>
* 2.3.59
* Bug fix: reordered AttachmentServlet to get rid of an
HttpServletRequest reader/input stream access error when running
under Jetty. The Multipart library in the servlet fetched the
input, WikiEngine.createContext() attempted to modify it, and
Jetty, being strict about this, threw an exception.
2005-12-17 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.58
* Bug fix: Comment preview no longer views double
* Bug fix: Comment preview no longer loses author/link
information.
2005-12-14 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.57
* Just improved some output coming from the AttachmentServlet.
* Fixed a few instances of still using Category instead of
Logger.
2005-12-13 Andrew Jaquith <arjaquith@mindspring.com>
* 2.3.56
* Lots of cleanup to the top-level JSP pages: all of
the permission-checking is now in a new WikiContext
method called checkAccess(HttpServletResponse).
The workflow now goes like this: if a non-authenticated
user tries to access an unauthorized page, he or she is
redirected to the login page. If already logged in,
JSPWiki returns a standard 403 (forbidden) code. We
will likely use a nicer error page in the future.
LoginError.txt goes away; it is not needed any more.
* User profile save operations now have *actual* input
validation, courtesy of InputValidator. The email
address is checked for conformance, and the other
fields (except password) are checked for nasty
characters like angle brackets. Yes, yes, we know...
what took us so long? There's more to do but it's a
good start.
* UserProfile.jsp gets some clever scriptlet hackery
via the 'tab' parameter to activate (or preserve)
a particular tab. This fixes the "disappearing profile"
issue during save operations.
* WikiSession receives a series of new methods for
stashing, retrieving and clearing UI messages. These
are used primarily for auth-related messages but
are generic. All of the JSP pages that previously
stashed "msg" objects in the HttpSession now use these
methods. A companion JSP tag <wiki:Messages> makes
printing messages dead-simple.
* AuthManager's logout() method resets the entire HTTP
session, like it used to.
* UserManager validation routines were moved into new UI
class InputValidator; additional refactorings including
the new validation classes and WikiSession messages.
* XMLUserDatabase now relies on its own cheap-and-cheerful
DOM writing routine. Errors using the standard J2SE
TRAX APIs were previously causing the users not to be
written to disk.
* Fixed several failing auth.* tests.
2005-12-12 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.55
* ReferringPagesPlugin and the like now also have the "include"
-parameter.
* Preview was showing things twice (missing return -statement
in Edit.jsp... oops.)
2005-12-10 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.54
* AttachmentServlet no longer throws an exception with
overzealous clients.
2005-12-09 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.53
* Unknown file types would cause an exception when generating
enclosures in RSS feed.
* Wiki page RSS feeds are now a bit more descriptive.
* Removed extra attributes for EditorTag from jspwiki.tld.
* AuthenticationManager now uses less invasive logging levels
if someone typos their username... Less email for me, hooray!
* DiffLinkTag has now some small NPE protection... Fixes
symptoms, not cause.
* RSS now also supports ETags.
* Fixed an issue with Javascript - HighlightWord would sometimes
die (thanks Dirk!)
2005-12-07 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.52
* Removed some extra crud from jspwiki.css.
* Removed extra quotes from LinkTag. Oops...
* Fixed an issue with Diff.jsp (page names were not recorded,
if you changed from it).
* Hopefully fixed an issue with IE and leftmenu disappearing.
* 2.3.51
* Added "accesskey" parameter to LinkTag. Thanks to Gregor
Hagedorn!
* InfoContent.jsp would fail if there was only one
version of a page. Thanks to Dirk for pointing this out!
2005-12-06 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.50 alpha.
* Added collapsebox from BrushedTemplate. Also synced
some search stuff from Brushed.
* TableOfContents are now collapsable.
* Moved the layout around a bit - actions are now a part of
Header.jsp and Footer.jsp. This allows us to do a slightly
nicer layout, I think.
2005-12-04 Janne Jalkanen <jalkanen@ecyrd.com>
* 2.3.49
* Added LinkTag at the request of Gregor Hagedorn. It
does pretty much everything. Adding documentation later...
This class also needs some serious working so that the
functionality could be offered to other classes as well
(such as the Image plugin).
* Hopefully fixed the "my username is null" -problem, which
would occur, if you were both logged in and had a cookie.
* Added a patch from Matt Luker to allow numbering in
TableOfContents.
* InterWiki links are now also checked for image inlining.
Merry Christmas :)
* FCK.jsp had two elements reversed. Thanks Dirk Fredericx!
* Diffs now use code from BrushedTemplate by Dirk.
* WikiServletFilter was letting only US-ASCII through - oops...
* WikiForms can now handle UTF-8.
* TableOfContentsPlugin font size was set accidentally to zero
in jspwiki.css. WTF?
* Reworked the jolly old "include correct CSS based on browser"
to be a proper Javascript method call.
2005-11-29 Andrew Jaquith <arjaquith@mindspring.com>
* 2.3.48
* Major refactoring of UserPreferences.jsp. The separate
registration page is now *gone* and merged into the
prefs page. The prefs page itself now has tabs --
one for the user profile, and one for prefs. This
means we can relax a few of the security assumptions
at the JSP level, since they are already baked into
the core UserManager APIs. (Addresses Dirk's requests.)
* Setting the user name via cookies is back!
* The security policy was loosened to allow anonymous
users to edit their pref. WikiPermission "EditPreferences"
has been broadened in meaning to include prefs AND
profiles, while "RegisterUser" means simply the ability
to create a profile. RegisterUser will *probably* vanish
or be renamed in the near future.
* SpecialPage REGISTER now points to UserPreferences.jsp
* UserPreferences now implements a caching scheme for user
profiles that downstream classes like UserProfileTag
need. Also, UserPreferences gets a second password
(confirmation) field. UserManager receives additional
validation logic for processing same.
Everybody's happy, but especially Dirk.
* Bugfix for XMLUserDatabase that caused funny auth
problems if the jspwiki.properties userdatabase prop
was commented out. (Credit: Janne)
* Favorites/PageActions get context-sensitive
"Log in" "Logout" and "Create group" links.
* Build.xml gets some stub code for HTTP/web unit testing.
There aren't any tests just yet, but we do have a
snappy Tomcat auto-deploy mechanism now.
* Thanks to the magic of XyleScope, the default
jspwiki.css gets some small tweaks to make the overall
styles a bit more aesthetically pleasing and consistent.
* "You are anonymous" discreetly disappears.
* Temporary bugfix for infinite-redirection loop issue with
Login.jsp... introduces another one...
* This release introduces a known bugs: a "redirect loop"
occurs when using container-managed auth and accessing
a forbidden page. This will be fixed in my next
checkin.
2005-11-27 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* 2.3.47
* Added "type" parameter to IncludeResourcesTag. This allows you
now to include multiple types of resources in different places.
* Quite a few top-level JSPs had the old EditorManager package,
oops.
* Added quite a lot of stuff from BrushedTemplate, including
collapsible lists, sortable tables, etc.
2005-11-26 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* 2.3.46
* Reworked EditContent.jsp to account for changes in editor
system.
* Variable content is now escaped before shown. Thanks to
Gregor Hagedorn for pointing this out.
* Added new package: module, containing ModuleManager and
WikiModuleInfo classes.
* Added WikiContext.findContext() to make life a bit easier
for template writers.
* Moved TemplateManager to new package: ui.
* Added etc/ini/jspwiki_module.xml to contain some defaults.
* Added WikiServletFilter and the ability for plugins, etc to
request an injection of things in the header. This is done by
adding <wiki:InsertResources> in commonheader.jsp. It inserts
a particularly formatted comment in the header, which is then
replaced by WikiServletFilter. A plugin may request a script
or a CSS file by using new methods in TemplateManager. Based
on ideas and code by Kees Kuip.
* Removed editors from Java files and put them in JSP files
under templates/default/editors/. It's now possible for a template
to override any editor, or to use any editor they like. It
should also make editors pluggable components.
* Continuing template rework. Reworked EditorTag, removed
EditorAreaTag. Added RequestResourceTag and InsertResourcesTag.
2005-11-22 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* 2.3.45 aka "The Great Template Break"
* Added serialVersionUID to most classes that were missing it.
* Added EditorManager class. It's currently somewhat dummy,
but it should allow fully pluginizable editors in the future.
Incidentally, this means that we got rid of EditorAreaTag...
Sorry - this breaks quite a few templates out there. But now,
if you want to create your editor, take a copy of
editors/plain.jsp, put it in your own template directory, and
modify the blazes out of it.
* Got finally rid of the very confusing "text" parameter for
all editors. The new parameter name is
EditorManager.REQ_EDITEDTEXT. Note that this may break your
current configurations.
* Hopefully finally fixed BugHtmlCharEntitiesMishandledInPreview.
* Fixed BugIncorrectServletAPIVersionInREADME.
2005-11-15 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* 2.3.44
* Tiny JSPWikiMarkupParser speed optimizations.
* Added build.xml patch from DaveSB to fix signing issues on
Windows.
* Added patch from DaveSB to support nested plugins.
* Added support in ReferringPagesPlugin for "exclude" -parameter:
use "exclude='pattern1,pattern2,pattern3'".
2005-11-14 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* 2.3.43
* Fixed HTMLEntitiesAreGettingEscapedByamp and
BugHtmlCharEntitiesMishandledInPreview. It was a nasty bug
in the new rendering engine.
2005-11-03 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* v2.3.42
* Bold and italic markup are now carried across paragraph
breaks. This is a convinience factor - XHTML does not
allow it, but we store the state.
2005-11-08 Andrew Jaquith <arjaquith@mindspring.com>
* v2.3.41
* Fixed a nasty, serious authentication bug introduced
in 2.3.35 code for checking for cookie changes. Cookie
changes were triggering "container logins", which
caused the JAAS Subject to be rebuilt from scratch.
Instead of blowing away the Subject (and associated
WikiSession) at logout time (or when the user's auth
status changes), the Subject is now preserved for the
life of the Http Session. In addition, executing
Logout.jsp no longer invalidates the HTTP session;
instead, the AuthenticationManager logout() method
simply resets the Subject's principal set instead.
* Added an invalidate() method to WikiSession that
resets user wiki session principals when requested
by AuthManager.logout(). Resetting principals
means making a user an anonymous guest user.
Refactored WikiSession's cookie-change detection code.
* All of the *LoginModule classes received
tweaks to make them work with long-lived
Subjects. In particular, login modules that
inject Role principals now remove less-prileged ones.
For example, the UserDatabaseLoginModule injects
Role.AUTHENTICATED upon login; it also explicitly
removes Role.ANONYMOUS and Role.ASSERTED
if these are found.
* <wiki:UserCheck> regains the venerable status attribute
"known", which denotes an authentication status of
"not anonymous", aka either authenticated or asserted.
This fixes an issue in the new JSP templates from 2.3.37.
* HttpUtil gets an *even more* reliable fix to
the BaseURL issue patched in 2.3.40.
* Added "SpecialPage" mappings to WikiEngine for Logout,
CreateGroup, CreateProfile, EditProfile, and Prefences.
These map to Logout.jsp, NewGroup.jsp, Register.jsp
and UserPreferences.jsp (x2).
* Login.jsp, NewGroup.jsp, Register.jsp and
UserPreferences.jsp all now use ViewTemplate
as the master template. This removes the need for
AdminTemplate.jsp, which was a kludge anyway.
That means one less template to maintain, and to hack.
Hooray!
* Favorites.jsp receives the G'day treatment.
* Cookie identities (cookie assertions) are now
set to the value of the user's full name during
custom auth login, and when user preferences
are initially set (Register.jsp) and after
user registration (UserPreferences.jsp).
Previously, we used the WikiName. However, the
full name is what's returned first by WikiSession's
getUserPrincipal() method, so we are now consistent
with that. This should partly resolve the issue JohnV
reported about user names "jumping around" between
wiki names, full names and login names. (But there
is still one more bug out there...)
* Fixed compilation errors in Rename.jsp, and added
back code to hide rename fields on InfoContent.jsp
for users who aren't entitled to see them. This
had regressed a few revisions ago...
2005-11-03 Andrew Jaquith <arjaquith@mindspring.com>
* v2.3.40
* Fixed a subtle bug with HttpUtil that was
causing BaseURLs to always print as the name
of the host as known to the web container,
which in default Tomcat deployments (99%)
is called "localhost". Rather than rely on
the fact that the user's HttpServletRequest
will *actually* return an accurate host name,
we do a quick, one-time host name resolution
lookup just to make sure.
* Added WikiContext-to-*Content template mappings
for the login and "create group" contexts. Added
wiki contexts for both.
* Corrected potetial bug with WikiSession's
getStatus() method. It now delegates to isAnonymous(),
as it should.
* WikiContext's getURL() method now defaults to
HttpUtil's method of building the base URL from user
session request information, rather than from
jspwiki.baseURL. We do this so that JSPWiki will
work nicely with HTTPS sessions. This method is
transparent to downstream JSP tags like EditLink;
they get HTTP compatibility "for free". If the
associated HTTPServletRequest is null, we default
to the old method of looking up getBaseURL() from
WikiEngine.
* NewGroup.jsp and Login.jsp now put their content
pages inside of AdminTemplate, which means they are
wrapped with standard headers and footers. Note that
LoginForm may be look a bit ugly until we get a few
kinks worked out.
2005-11-03 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* v2.3.39
* Default RSS version is now 2.0
* Cleaned some ambiguities in the CSS file
* Moved the app and company logos into a separate div of their
own to make layout easier.
* Enabled personal favourites in the Favorites.jsp
* General cleanup and poking around in the CSS
2005-11-02 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* v2.3.38
* Added missing search-replace Javascript code
* Added missing AttachmentTab.jsp to default template.
* NB: While most of the code comes from BrushedTemplate, I'm
cleaning it up a bit - it's not XHTML compliant, for example.
2005-10-31 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* v2.3.37
* Bug fix: RSS feeds no longer generate &amp;quot; whenever there
is a quote (") in the stream.
* Rearranged some code relating to search and reference managing;
hopefully squashing some hard-to-find bugs.
* Bug fix: safeGetParameter() is now deprecated, as createContext()
now does the proper request.setCharacterEncoding() as per Servlet
API 2.3. Fixes BugClobberedUTF8InWikiBody. Thanks to Chris Wilson
and msb0b!
* Mass commit of new default template code, based on the
BrushedTemplate from Dirk Frederix. Note that this thing is
probably pretty broken, so please be careful.
2005-10-25 Andrew Jaquith <arjaquith@mindspring.com>
* v2.3.36
* Cosmetic fix: cookie-asserted identities containing spaces were
passing enclosing double-quotes on to the LoginModule, which had
the effect of "scare-quoting" the user's name. The offending
quotes are now snipped if detected, in HttpUtil.
* Added a bang (!) to a particular line in XMLUserDatabase
that was causing a spurious error message.
(Credit: John Volkar)
* Changed JDBC init tests so that they use column and table
mappings from tests/etc/jspwiki.properties, not
jspwiki.properties. This was confusing the JDBCUserDatabaseTest
class big-time, when custom mappings were used. Also,
added JDBC test properties to the various test/etc templates.
* Added an optional property 'jspwiki.userdatabase.hashPrefix'
that tells JDBCUserDatabase whether or not to prepend
its hash algorithm to the password hash (e.g., {SHA}).
This should increase compatibility with certain
third-party applications that might wish to share the
user database, such as Tomcat.
* Fixed a NPE in JDBCUserDatabase that was triggered by
a user editing a profile, but electing not to change the
password. It now exhibits correct behavoir: no password
means "use the old one", just like with XMLUserDatabase.
* Added 'drop user' to the Postgres and Mckoi database
scripts; it was causing an error in some cases.
2005-10-22 Andrew Jaquith <arjaquith@mindspring.com>
* v2.3.35
* Fixed issue in that prevented users checking the
'remember me' box Comment.jsp from seeing their identity
assertion reflected in the WikiSession. This feature
now works as it should. Reworked a WikiSession method,
and added a WikiSessionTest unit test. WikiSession now
senses when the 'asserted' user cookie in the user's
session appears, changes, or disappears.
* Clarified the logic in WikiSession.isAnonymous() for
determining when a user is considered "anonymous". This
will be the case when any of these conditions are true,
as evaluted in this order:
- The session's Principal set contains Role.ANONYMOUS
- The session's Principal set contains WikiPrincipal.GUEST
- The Principal returned by WikiSession.getUserPrincipal()
evaluates to an IP address
WikiSession includes a new, fast method for determining
whether a string represents an IP address. The previous
technique was totally b0rked. These are the sorts of things
one discovers when writing unit tests...
* Fixed minor issue with AbstractUserDatabase that
inadvertently introduced a bug into the way users
are found (or not). This was causing AuthorizationManager's
resolvePrincipal() method to fail in certain cases.
2005-10-22 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* v2.3.34
* Did a general sweep of a bunch of classes to make
sure they use TextUtil.getStringProperty() instead of
Properties.getProperty(). Also fixed
BugTextUtil.parseIntParameterFailsInCaseOfTrailingBanks
to get rid of all space-related issues in jspwiki.properties.
* No longer generates empty <b/> -elements for markup "____".
The parser is now smart enough to check if a markup would
result in something that would not be recommended in XHTML 1.0.
Fixes BugEmptyMarkupDoesntWorkForBoldAndItalic.
* RSS 2.0 and Atom feeds no longer double-encode ampersands.
Oops. :)
* PageModified.jsp now properly escape XHTML markup.
* JSPWiki Auth tests are run now only if "jspwiki.tests.auth"
system property is set. This helps everyone that is using
Eclipse...
* Bug fix: exclamation marks are no longer doubled.
2005-10-19 Andrew Jaquith <arjaquith@mindspring.com>
* v2.3.33
* Initial JDBC support for storing user profiles has
landed. See the build.xml file for details on
configuring unit testing with JDBC. See also the
Javadoc for com.ecyrd.jspwiki.auth.user.JDBCUserDatabase.
* Changed VariableManager and BaseURLTag to use a new
makeBaseURL method in HTTPUtil so that HTTPS-related
URLs are generated correctly. This partially supercedes
the WikiEngine.getBaseURL method, but the changes are
completely transparent to the <wiki:BaseURL>
and <wiki:Variable> tags. So you shouldn't notice any
differences unless using HTTPS.
* Several small Javadoc fixes.
2005-10-17 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* 2.3.32
* Changed the way TableOfContents is created - it
no longer creates a nested list. Thanks to Gregory
Pentz and Gregor Hagedorn.
2005-10-16 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* 2.3.31
* Bug fix: JSPWikiMarkupParser was not calling
link text mutators at all, so ReferringPagesPlugin
(among others) were ignoring maxlength.
* Bug fix: WikiRenderer did not set context properly,
which killed TableOfContents plugin.
* Improved RSS generation for blogs: now it's also
possible to set the channel title, description, language
and author by using the SET directive.
* 2.3.30
* Removed dependencies of TranslatorReader from a number
of classes.
* Added new "VersioningProvider" interface to fix a
serious problem with page info listings. Based on an
idea by Kees Kuip. A Provider can now declare it
supports VersioningProvider if it wants to be able
to support pageExists( name, version). Yes, it's
a kludge, but it does speed up things considerably
until we refactor the entire provider interface.
2005-10-09 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* v2.3.29
* Security fix: it was possible to inject javascript
using CSS. Reported by Martijn Brinkers.
* Bug fix: In certain cases, }}} would loop forever.
* CachingProvider should now be a bit smarter about
refreshing metadata.
* Added patch from Kees Kuip to cache the file properties
in VersioningFileProvider, providing faster performance.
* Rearranged quite a lot of code in URL providers to fix
a bunch of problems. Unfortunately, it also means that
URLs are no longer relative at all; they're always absolute,
but they don't always include the host name (depending
on the setting with jspwiki.referenceStyle).
2005-10-09 Andrew Jaquith <arjaquith@mindspring.com>
* v2.3.28
* For once, no public auth API changes!
* CMA and custom authentication JSPs re-factored
so that they use the same "special page" for
logins: Login.jsp. This makes for much cleaner
JSP code; for example, LeftMenu.jsp no longer needs
conditional logic for Login.jsp v. LoginRedirect.jsp.
* The web.xml file's constrained resources for CMA
expanded to include NewGroup.jsp, Upload.jsp
and Login.jsp. Constraint for LoginRedirect.jsp
removed (the page no longer exists). The login
form for CMA now uses the same as for custom
auth (LoginForm.jsp).
* WebContainerAuthorizer now tests for Login.jsp
constraints rather than LoginRedirect.jsp
when determining whether CMA is used.
WebContainerAuthorizerTest changed accordingly.
* Security fix: Authorization algorithm fixed to prevent
privilege escalation with asserted Principals when
wiki page contains ACL. Authorization now checks to
make sure the security allows the requested permission
/in addition to/ matching the user's principals
with those in the ACL. This meant we needed to
add PagePermission "*:Group*", "edit" entries
to the Authenticated policy block.
* Bug fix: AuthenticationManager no longer flushes
Principals during custom logins. This was hosing
user sessions if the user failed to log in.
* Bug fix: AuthorizationManagerTest's testGetRoles()
method no longer b0rks.
* Bug fix: default/LoginContent.jsp whitespace goof.
* Bug fix: both custom and container successful
logins set the user cookie, like they should.
(Credit: John Volkar)
* Bug fix: group creation page (NewGroup.jsp)
checks for previous existence of group before
saving, and gives user chance to change the
name if it does.
* Bug fix: NewGroup.jsp no longer triggers the
'direct access to login form' error when
CMA is used. This is due to the refactoring
mentioned above.
2005-10-03 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* v2.3.27
* Bug fix: RenderingManager would cache old versions on
top of new ones.
* Bug fix: CheckVersionTag would cause unnecessary page
rendering. Reported by Kees Kuip.
* Switched most of the code to use the new RenderingManager
to find problems with the code.
2005-10-02 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* 2.3.26
* Restored the the Ant "guitests" target, who had gone MIA
accidentally.
* Added (and modified a bit) a patch from Kees Kuip which
allows plugin writers to just specify properties in the plugin
archive itself.
* Added TemplateManager.listSkins(), which lists any and all
skins from templates/<yourtemplate>/skins/
2005-09-28 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* 2.3.25
* Added ReferredPagesPlugin from Dirk Fredericx.
2005-09-27 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* v2.3.24
* IncludeTag now prints an error to the screen instead of
a NPE when the template file in question does not exist.
* CheckRequestContextTag now supports an extended parameter
list: <wiki:CheckRequestContext context='view|info|edit'>
evaluates its body, if the current context matches ANY of
the contexts. It also supports negation with !, i.e.
<wiki:CheckRequestContext context='!view'> evaluates the
body in every context but "view".
* JSPWikiMarkupParser is now a lot more XHTML compliant,
thanks to Gregor Hagedorn.
* RSS Generator Thread now has a proper name.
* Moved TranslatorReader.Heading to com.ecyrd.jspwiki.parser.
This should not really cause any compatibility issues.
* Moved HeadingListener to com.ecyrd.jspwiki.parser
* Added two new methods from John Volkar to ReferenceManager.
2005-09-26 Erik Bunn <Erik.Bunn@memecry.net>
* Added CookieTag. See the class for documentation.
Intended for custom JSPWiki installations, mostly useful for
doing conditional logic based on e.g. a custom preferences cookie.
2005-09-24 Andrew Jaquith <arjaquith@mindspring.com>
* 2.3.23
* WikiContext, WikiSession and the auth.login.* login
modules gain significantly enhanced debugging code.
Changing Log4J settings in jspwiki.properties
to DEBUG will dump a large amount of information
about user session IDs and Principal creation
activities.
* In the continued spirit of clowing-back little-used methods
that clutter the API, WikiContext's setHttpRequest() method
goes the way of the dodo bird. It was used by WikiEngine,
and only in one place, and it was redundant to boot.
2005-09-19 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* 2.3.22
* Added patch from John Volkar to:
* Puts a catch block in DifferenceManager in case
an underlying provider throws.
* Adds some unit tests
* Handles whitespace "better" (see the tests), words and
whitespace are both elements that get diffed. Whitespace
edits show up in the diff output. (This is an interesting point of
debate, after bruising battles whitespace in wiki-text is
significant and deserves to be diffed. Consider two lines '* foo'
and ' * foo')
* Adds a optional property
'jspwiki.contextualDiffProvider.unchangedContextLimit" that
is the number of *elements* to be emitted before and after
each change. (element=word or space or newline, so if you
want ~50 'words' of leading context set the limit to 100)
This defaults to a huge number, so it essentially doesn't
serve as much of a limit (Preserves a 1 word change in 10
pages by default returns the whole 10 pages.)
2005-09-17 Andrew Jaquith <arjaquith@mindspring.com>
* 2.3.21
* Added a simple web test plan to docs.
* WikiPermission gains support for wiki namespaces.
This introduces what I hope is the "final" tweak
required to jspwiki.policy. The WikiPermission syntax
...WikiPermission "*", "registerUser";
replaces the previous format. The wiki name may contain
wildcards. This change was made to support wiki farms.
See the WikiPermission Javadoc for more details.
* PagePermission constructor WikiPage(String,WikiPage,String)
eliminated in favor of WikiPage(WikiPage,String) because
wiki name is now carried inside WikiPage. This means
we don't need to pass the wiki name into the constructor,
which is nice and simple. This change was propagated
to 8 other classes and about a half-dozen top-level JSPs.
* Fixed return values in various WikiContext/WikiSession
get*Principal methods so that they return
WikiSession.GUEST if not otherwise set. This removes
neeed to check for nulls in calling code.
(Credit: John Volkar)
* Assitional WikiSession/WikiContext cleanup:
Fixed bug preventing initial HttpRequest 'login'.
Removed public WikiSession.isUnknown(); was only used
by one caller. Also, reduced visibility of
WikiSession.isContainerStatusChanged() to protected.
Bug fix: added Role.ALL to guestSession().
* Rename.jsp now checks for the rename permission
before actually undertaking the action.
InfoContent.jsp now checks for the same permission
also when rendering the info page UI for renaming.
* Bugfix for NPE in PagePermission.
* Much cleanup of web.xml, and tweaked the Ant script
to use this during tests (reduces maintenance).
* build.xml slightly refactored to better account
for using signed JARs during test runs.
Certain static files (web.xml/policy/jaas/jks)
in tests/etc eliminated in favor of dynamic files
copied from etc at test-time. This means we only
have to maintain one version of each file, instead of two.
* WebContainerAuthorizer includes an improved heuristic
for detecting CMA. Instead of looking for specific
role names contrained to Register.jsp, Delete.jsp
and UserPreferences.jsp, we just look for ANY role.
This means you can use your container's preferred
role names, instead forcing you to use "Admin"
and "Authenticated".
* DefaultGroupManager.getRoles() returns an array of
Group[] (downcasted to Principal[] by interface.
This should make 'instanceof' checks easier.
(Credit: John Volkar)
* Bugfix for Register.jsp so that authenticated users
who already have profiles are always redirected to
EditPreferences. This wasn't a security risk
but it was non-intuitive.
* Replaced that old Wiki.jsp favorite, the "looped config"
message, with something more appropriate to 2.3.
* Weblog plugin now accepts additional parameter for
customizing the date format. It also tries to extract
the "headline" of the blog and puts it at the top of the
entry section.
* Tweaks to Ant script to better encapsulate Jar-signing
operations. Also, test-prep activities more automated.
2005-09-16 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* v2.3.20
* Both default ShortURLConstructors now check if the NONE
-context already has some parameters. Requested by
Erik Bunn.
* PageLock is now serializable. This should reduce some
warnings on some containers.
* Forms are now XHTML conformant instead of HTML 4.01.
2005-09-16 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* v2.3.19.
* Fixed the rest of the new renderer tests, and turned
the new renderer on by default. You can now turn it off
with "jspwiki.newRenderingEngine=false" in your property
file.
* FormInput now also accepts XHTML-like "checked=checked".
Suggested by Murray Altheim.
* Added patch from Erik Bunn to allow clean compilation
on JDK 5.0.
* Included patch from JohnV to add time and date format
parameters to RecentChangesPlugin.
* Incorporated even more patches from Patrik to fix
some problems with tests targets and diff noise. Thanks
a heap!
* Added patch from Patrik Woodworth to fix tests
compilation failing due to jar file signing.
2005-09-09 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* v2.3.18
* Two patches from Patrick Woodworth to fix broken URL
in jspwiki.tld and compilation directives. This removes
the jar-optimized target and makes it an option for
build.properties.
* Fixed problem with ReferenceManager: unmodifiable
maps were not updated at unserialization time. Reported
by JohnV.
* Removing misc debug code from auth.
* Moved to StopWatch() instead of System.currentTimeMillis()
in all places ;-)
2005-09-07 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* v2.3.17
* Massive import of patches from 2.2.33.
* Added two new methods in ReferenceManager to facilitate
LinkIndexPlugin.
* Added patch from Joerg Luedecker to fix a problem
with pages deleted not affecting RefMgr.
* Added a small note to the ShortURLConstructor: do NOT
use without baseURL.
* Fixes BugAttachFilesEvenIfPageDoesNotExist. It is
no longer possible to upload a file if the page does
not exist.
* Install.jsp was Tomcat-specific. Fixes
BugInstall.jspDoesNotCompileOnWebLogic8.1. Reported by
JoachimMaes.
* Fixed BugAttachmentWithHashCannotBeViewed by replacing
now all illegal character values during upload.
* Undid change for
BugShortViewURLConstructorAndShortURLConstructorProblems -
it apparently broke quite a lot of stuff.
* Changed to OSCache 2.2.1 to protect against a pretty
nasty memory leak.
* Added generic null protection to CachingProvider, and
also protected against spurious input in RCSFileProvider
as a stopgap measure to some probable scaling issues.
* It was possible to get the authentication master password
by inserting simply it on a page as a variable. Oops.
The master password is now saved under a different name
(jspwiki-s.auth.masterPassword), which may break existing
installations. Also added a check in the VariableManager
to prevent reporting of that variable.
Reported by Trevor Yann.
* Bug fix: Attachments might get looping forever, if the page did
not exist. Fixes
BugHasAttachmentsAndAttachmentsIteratorTagsWhenPageDoesntExist
* Bug fix: You can now set the 'checked' attribute of checkboxes
in WikiForms with the parameter 'checked=true'. Reported by JohnV.
* Bug fix: BugWrongRecognitionOfWikiWords. A CamelCase
WikiWord would not be escaped correctly, if the word would
have two capital letters.
* Bug fix: BugShortViewURLConstructorAndShortURLConstructorProblems
ShortViewURLConstructor did not have a default prefix.
Reported by Olaf Kock.
* Added patch from Patrick Woodworth to fix a FIXME in javadoc
creation.
2005-08-20 Andrew Jaquith <arjaquith@mindspring.com>
* v2.3.16
* This release introduces a number of changes to the AAA
(package auth.*) APIs. If you have created custom top-level
templates, they will break. However, the changes are not
major. Regular template JSPs like *Content.jsp should
work without requiring changes.
* jspwiki.policy has changed. The PagePermission syntax
....PagePermission "mywiki:Group*", "edit";
replaces the previous format, and adds support for wiki
name spaces. Either the wiki name or the page name
may contain wildcards. This change was made to support wiki
farms. See the PagePermission Javadoc for more details.
You should update your policy files accordingly, since
the change will "probably" break your existing policies.
* AuthenticationManager supports named admin user in
jspwiki.properties: jspwiki.admin.user
* AuthenticationManager public methods have changed:
a. public boolean login(HttpServletRequest)
replaces boolean loginContainer(WikiContext)
b. public boolean login(WikiSession, String, String)
replaces boolean loginCustom( String, String, HttpServletRequest)
* AuthorizationManager public methods have changed:
a. checkPermission(WikiSession, Permission)
replaces checkPermission(WikiContext, Permission)
b. isUserInRole(WikiSession, Principal)
replaces isUserInRole(WikiContext, Subject, Principal)
c. new getRoles() method returns Principal[]; delegates
to GroupManager and Authorizer and returns union
d. public method getAuthorizer() changed to protected access
* Authorizer public methods have changed:
a. isUserInRole(WikiSession, Principal)
replaces isUserInRole(WikiContext, Subject, Principal)
b. new getRoles() method returns Principal[]
These changes were propagated to WebContainerAuthorizer,
GroupManager and DefaultGroupManager.
* GroupManager public methods have changed:
a. Enumeration members() removed.
* WikiPrincipal adds static inner Comparator class
for sorting arrays of Principals.
* WikiContext public methods have changed:
a. void setHttpRequest(HttpServletRequest) changed to protected access
b. void setWikiSession(WikiSession) removed.
* WikiSession was refactored to allow independence from WikiContext.
Public GUEST_SESSION static instance eliminated in favor
of public static factory method guestSesssion().
* UserManager get/setUserProfile(WikiSession...) replaces same
methods with WikiContext parameter.
* PagePermission now includes a wiki namespace. Syntax
is wiki:pagename. Wildcards are allowed as prefixes or
suffixes for either part.
* WikiPermission now accepts a "login" target
* LeftMenu slightly tweaked
* PreferencesContent.jsp for default template now displays
roles and groups user possesses.
* <wiki:UserProfile property="roles"> will print the user's
current set of group and role memberships, nicely sorted.
Pretty nifty.
* Many, many unit test changes.
2005-08-20 Andrew Jaquith <arjaquith@mindspring.com>
* Minor changes to TestAuthorizer, AuthorizationManagerTest
and build.xml to correct test failures in AuthorizationManagerTest.
This also fixes XMLRPC test failures. No version bump.
2005-08-19 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* 2.3.15
* The "Wow, instead of sleep you can code and chat on
IRC thanks to WiFi on airplanes" -release.
* Added patch from Mark Rawlings to get rid of Javascript
errors in cssinclude.js
* Added support for generating Atom 1.0 feeds. There
is still a bit of a problem in generating proper Atom
ID's, as our metadata storage does not work too well.
2005-08-16 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* v2.3.14
* Fixed plugin and variable evaluation policy: because
using clone() on the entire DOM tree is very expensive,
what we do is that we store new, specific elements
PluginContent and VariableContent into the DOM tree,
which at evaluation time produce the actual content.
* v2.3.13
* RenderingManager cache did not work correctly, because
it was relying in WikiContext.getPage() to get the page
under which things should be cached. Of course, if the
wiki template includes any other page using IncludePageTag,
the context is always the same, and therefore the cache
is never valid. Fixed this by adding a new getRealPage()
in WikiContext, which should always point at the real page
which is being rendered.
* Added some simple profiling/stopwatch code to rendering.
You can now see the speed results by setting the WikiEngine
log level to DEBUG.
* Fixed CamelCase parsing. There are still a few
inconsistencies between old TranslatorReader and the new
JSPWikiMarkupParser.
2005-08-14 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* v2.3.12
* Even more tweaks. It is now possible to test the new
rendering engine by setting "jspwiki.newRenderingEngine" to true
in your jspwiki.properties (this will be gone in near future;
it really is for testing only). Note, however, that CamelCase
does not currently work.
* Some more tweaks of the new renderer. isExternalLink()
is now about 3x faster than it was before (it was the biggest
bottleneck so far). Still not usable (lists don't work).
* Change test property files to use BasicSearchProvider
(Lucene startup was taking too much time), and TestAuthorizer
(WebContainerAuthorizer takes about a second to start each
time).
2005-08-13 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* Did a mass commit of the new rendering engine. It is
not enabled yet, but I wanted to save the code to a very
safe place :-). Please look at the code in the new parser
and render -packages. There is still time to change the
API... (No version bump; there is no changes in JSPWiki
functionality with this).
2005-08-12 Andrew Jaquith <arjaquith@mindspring.com>
* 2.3.11
* Changed WebContainerAuthorizer to auto-detect whether
web container authorization is used; it does this by looking
for certain constraints in web.xml. The effect of this change
is to make the out-of-the box configuration default to
custom authentication. Also, changing to container auth
is now very easy -- just uncomment the constraints and
JSPWiki will know what to do without needing to fiddle
with jspwiki.properties. Added a unit test and
tests/WEB-INF/web.xml sample file also.
* Added new "super-template" for administrative pages:
AdminTemplate.jsp. This is a peer of ViewTemplate and
EditTemplate, and is used by the registration and
user preferences pages.
* Loosened the default security policy to permit edits
by anonymous uses. This is good for getting up and
running, but a bad idea for Internet-facing wikis.
The adminstrator is suitably forewarned in the policy file.
* Added an initialize() method to the Authorizer interface.
We probably needed one anyway, and the tweaks to
WebContainerAuthorizer forced the issue.
* Minor tweak to LeftMenu to replace the geeky
"you are authenticated/asserted" messages with something
more friendly.
2005-08-11 Erik Bunn <Erik.Bunn@basen.net>
* Added WikiPage.getAttributes().
This will be useful for external code that wants to
display page attributes; for example, a hypothetical "MetaData.jsp"
that would allow editing of page attributes without content-inlined
[{SET...}] tags.
2005-08-07 Andrew Jaquith <arjaquith@mindspring.com>
* 2.3.10
* Major fixes to the authentication and authorization codebase.
Most outstanding issues with the prior commits have been resolved;
it should be ready for prime time.
* JSPWiki now installs a default Java 2 security policy and JAAS
login configuration, which allows JSPWiki AAA to work "out of the box"
without additional customization. Admnistrators can override these
defaults using the standard policy/JAAS system properties if desired.
* UserPreferences.jsp has been significantly tweaked. It also includes
support for standard <template>/PreferencesContent.jsp template pages.
* Registration.jsp is a new JSP for registering new users. Includes
support for standard <template>/RegisterContent.jsp template pages.
* NewGroup.jsp is a new JSP for creating wiki groups. By default,
the group is pre-populated with the current user's wiki name.
In addition, by default group members are allowed to edit
its membership. Includes support for standard
<template>/GroupContent.jsp template pages.
* UserProfile class now includes timestamps for creation and
modification times. XMLUserDatabase time-stamps profiles
when they are created and saved.
* UserManager changed significantly to support improvements
to the AAA code.
* JSP tag <wiki:UserProfile> now includes additional properties
for modified/created times and new properties "exists" and "new"
which evaluate the tag body if the user has already been
registered (or not).
* JSP tag <wiki:UserCheck> includes additional properties to return
vallues that allow certain aspects of the AAA configuration
to be queried.
* AAA code now tested using container authentication/authorization
in addition to JSPWiki's custom auth. Note that the registration
and user preference pages work slightly differently in each case.
2005-07-26 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* 2.3.9
* A bunch of miscallaneous fixes to WebDAV to get paths
to function correctly.
2005-07-26 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* 2.3.8
* Merged in fixes from 2.2.29.
* Bug fix: Attachments might get looping forever, if the page did
not exist. Fixes
BugHasAttachmentsAndAttachmentsIteratorTagsWhenPageDoesntExist
* Bug fix: You can now set the 'checked' attribute of checkboxes
in WikiForms with the parameter 'checked=true'. Reported by JohnV.
* Bug fix: BugWrongRecognitionOfWikiWords. A CamelCase
WikiWord would not be escaped correctly, if the word would
have two capital letters.
* Bug fix: BugShortViewURLConstructorAndShortURLConstructorProblems
ShortViewURLConstructor did not have a default prefix.
Reported by Olaf Kock.
* Enabled also the attach URL for WebDAV. You can now
browse the full range of attachments at <yoururl>/attach/
using a DAV client.
2005-07-21 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* 2.3.7
* DAV service now offers again the HTML rendered versions of
pages under /dav/html/
* DAV service now has a two-level structure: pages starting with
"a" are in a subdirectory called "a", etc.
* Some minor auth refactoring.
2005-07-17 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* 2.3.6
* Added a bunch of refactorings (including new UserManager class)
* AuthenticationManager now attempts to find the jspwiki.jaas
and jspwiki.policy files on its own, if the user does not
specify them. JAAS and Java 1.4 suck in this regard - it
requires all sorts of trickery with the config files and
startup scripts to use built-in authentication. It makes
life very difficult for anyone who deploys the app, as they
must have detailed command-line knowledge. Not to mention the
fact that it makes life hard for the developer as well, as they
provide no way to do this programmatically...
2005-07-15 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* 2.3.5
* Refactored about 300 minor warnings (unused code,
assignment errors, etc)
* Consolidated routines from FileUtil14.class to
FileUtil.class - JSPWiki now requires 1.4, so we can just
remove any specifics.
2005-07-03 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* 2.3.4
* Bug fix: Doing two empty searches in a row would cause the
search_highlight.js to loop and kill the browser.
Reported by HolgerHoffst?tte.
* Bug fix: Empty or non-Lucene compliant searches would throw
a NullPointerException. Reported by HolgerHoffst?tte.
Fixes BugSearchAlwaysThrowsNPE.
* Bug fix: It was impossible to use the InsertPage plugin to
insert the same page twice on a page. Reported by Murray
Altheim (I think - this was not entered in the bug reporting
system).
* Upgraded to Lucene 1.4.3.
* Removed "sign" from build targets to allow decent builds
for now.
* Both short url providers now heed the url prefix always...
2005-06-30 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* 2.3.3
* Mass merge of JSPWIKI_ARJ_BRANCH
* Added Andrew Jaquith's authentication code, replacing the
old system completely. This is likely to break everything.
The merge was not as smooth as I would've liked, so THIS
VERSION DOES NOT WORK - IT COMPILES, BUT DO NOT USE IT FOR
ANYTHING ELSE THAN HACKING.
2005-06-23 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* 2.3.2
* Merged in JSPWIKI_2_2_BRANCH
* RSS 2.0 and enclosures support to rss.jsp.
* Removed dead code.
2005-06-23 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* 2.3.1
* Refactoring of FilterManager: now uses XPath and JDOM to parse
XML files...
* Tiny patch from ajbanck: UserManager no longer complains loudly
if something is not a group.
* Patch from Joerg Luedecker to delete pages from referencemanager
if they're renamed.
2005-06-20 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* 2.3.0.
* Included the page rename patch from a number of people. Thanks
heaps to Chris Lisle, John Volkar, Joerg Luedeker!
* Branched off JSPWiki 2.2 development to its own branch,
this is now the 2.3 development.
2005-06-19 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* v2.2.26
* Added partial fix for
BugReadingOfVariableNotWorkingForOlderVersions. This is a deep
bug.
* Added patch from Joerg Luedeker to fix
BugDeleteFailsIfPageHasAttachmens.
* PageManager didn't correctly return page text if the
page was externally modified (I can't understand how this
could've worked earlier...) This killed an unit test or two.
* Renamed methods in Search API to be a bit more consistent.
Thanks to ajbanck for the suggestion.
* ReferenceManager should now notice deleted pages.
* rss.jsp now returns a 404, if the RSS generation is disabled.
* Bug fix: BugApplicationNameBeGarbledIfThereAreChineseCharactersInIt
Install.jsp is now smart enough to mangle the input so that
it can be put inside an Latin1 properties file. Thanks to
Dengber for the fix.
* Bug fix: BugPageAddedToSearchQueueMultipleTimes. Thanks to
ajbanck.
2005-06-16 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* v2.2.25
* Bug fix: LuceneSearchProvider misspelled the default
search provider name, causing exceptions at startup...
* Bug fix: Page names are now also added in the Lucene
index in their canonical form, not just beautified form.
Suggested by Michael Smith.
* Bug fix: there were some concurrency issues whenever
iterating through the entire list of pages (causing
ConcurrentModificationExceptions). Fixed by returning
a clone of the array in the CachingProvider.
* v2.2.24
* Added Arent-Jan Banck's patch to support attachment
searching. I also changed the SearchProvider API (it's
not been released in a stable version) slightly - no
need to send the text all the way; let the provider worry
about it.
* BasicSearchProvider now searches attachment names
as well.
* LuceneSearchProvider now indexes attachment names and
certain text-based attachments as well. Currently plain
text, XML, .ini and HTML files are indexed. This will
change to a better system, once someone figures out how
to do proper Lucene Analyzers.
2005-06-14 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* v2.2.23
* Quite a lot more WebDAV refactoring; it works now
again. Still having problems with UTF-8 page names...
HTML fetching does not work at the moment either.
2005-06-13 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* v2.2.22
* Broke the WebDAV API for now; I'm changing to a new
model to make additions easier.
* Bug fix: SearchManager didn't behave nicely; there was
a circular reference between it and ReferenceManager.
LuceneSearchProvider now does not start indexing until
PageManager is surely up and running. Reported by
ajbanck.
2005-06-12 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* v2.2.21
* Enabled normal Lucene query language if you're using
the LuceneSearchProvider. This, incidentally, also helps
a lot if you're using any other language than English, since
we now use the same Analyzer for queries than for parsing
(which would account to quite a few problems in the past).
Unfortunately, I had to break FastSearch (does anyone use it)?
* Moved searching into com.ecyrd.jspwiki.search package,
thanks to an excellent patch from Arent-Jan Banck.
2005-06-09 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* v2.2.20.
* Small bug fix to PluginTag: it should now work on page
refreshes.
2005-06-08 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* v2.2.19.
* Bug fix: BugPluginTagNotWritingOutput
* Bug fix: BugJspwiki.tldEmptyTag
* Bug fix: BugWikiTranslateTagShouldTrimLeadingSpacesOfFirstSentence
2005-06-06 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* 2.2.18.
* Ebu added a bug fix for oldauth (please specify here...)
* Fixed two bugs with Install.jsp:
BugInstall.jspDoesNotHandleWindowsPathsWell by adding a simple
windows path converter (should work also well with UNC paths),
and BugInstall.jspDoesNotProvideDefaultBaseURL by commenting
out the baseURL parameter in jspwiki.properties.tmpl.
2005-05-18 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* 2.2.17
* The HTML fragment identifiers generated for each heading
are now XHTML compliant (no more entities). Unfortunately,
this makes them look like crap, but this method should work
for CJK languages (unlike dropping non-USASCII).
* Bug fix: HTML fragment identifiers didn't work on pages
with non-USASCII names.
* 2.2.16
* Major fix to ISO-8859-1 - it didn't work almost at all
if you used anything else but the DefaultURLConstructor -
especially attachments didn't work.
2005-05-18 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* 2.2.15
* Bug fix: BugReferenceManagerDoesNotFindSingularReferences
should now finally be fixed.
* Fix of a fix of a bug fix: We no longer generate <a name="foo">
tags for headings - instead, we generate an unique "id" for
each heading.
* Added "overflow: auto" to <pre> tags in jspwiki.css...
That makes bug reports far, far more readable.
2005-05-15 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* 2.1.14
* Somewhere above Pakistan or Afghanistan...
* EditorArea has now an id: "editorarea". It also has now
a class "editorarea", simply because "text" was not really
very descriptive. Thanks to, err, someone, for this -
I seem to have been very eager in deleting my email...
* Bug fix: No more DAV NPEs with certain systems. Patch
thanks to someone - sorry, I forgot...
* Bug fix: no longer throws ConcurrentModificationException
in certain conditions upon startup.
* Bug fix: InsertPage now detects circular references and it
is no longer possible to DoS a wiki by including a page in
itself.
* Bug fix: Odd pages of format "/foo" are now catched and no
longer throw horrendous exceptions.
* Fix of a bug fix: The changed heading anchor generation in
2.2.13 caused plenty of grief to a lot of people working with
CSS - instead of an empty tag we now generate an empty tag
pair. <a name="foo"></a> instead of <a name="foo"/>. It seems
that the latter confuses quite a few parsers, even though it's
valid XHTML.
2005-05-06 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* 2.2.13
* Bug fix: Empty links no longer generate warnings.
* The non-existing page links are now generated without the
annoying underline as a proper hyperlink. You'll probably
want to copy the link code from jspwiki.css...
* Bug fix: Headings now generate the link anchor at zero
length, so that they should no longer confuse people who
write CSS.
2005-05-05 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* 2.2.12
* Bug fix: FCK editing now disables plugins and filters
properly.
* Bug fix: search hilighting didn't work.
* JSPWiki is now a WebDAV Class-1 server. The support is not
yet complete, nor are we completely Class-1 compliant, but
you can now browse your JSPWiki repository by pointing at your
$baseurl/dav/. Attachment support is forthcoming, as soon
as I figure out what's the best approach. Authoring support
will also be enabled soon.
(To enable this functionality, check out the new web.xml).
2005-05-02 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* 2.2.11.
* Incorporated the FCK editor for WYSIWYG editing, as well
as the XHTML import functionality from Sebastian Baltes.
Thanks heaps!
This is an experimental feature: you need to turn it explicitly
on with "jspwiki.editor=FCK" in your jspwiki.properties,
and also uncomment the <script> tag in EditTemplate.jsp. The
editor is known to fail or behave really strangely on occasion,
and many of the functionalities do not simply work (like
image insertion), so I'm disabling quite a lot of work for now.
Check out scripts/fckconfig.js and scripts/fckstyles.xml for
examples.
The WYSIWYG editor will remain an experimental feature for now.
You need to install FCKEditor yourself into scripts/fckeditor.
2005-04-29 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* 2.2.10.
* Added patch from Sebastian Baltes to fix issues with style
embedding: %%(color:rgb(1,2,3)) would not work.
2005-04-24 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* v2.2.9.
* Added missing attribute of PageDate: format to jspwiki.tld.
Oops... This one had been missing for quite some time.
* Changed the default template somewhat.
* UnusedPagesPlugin no longer inlines images.
* v2.2.8
* Added 'class="body"' to default template body, as per
BugCSSClassForViewTemplate.jspBodyTag
* Added "link" to Comment.jsp; this should be a lot
smarter now about if you want to use comment functionality
for the weblog.
* Hopefully fixed preview issues with IE by rewriting
Preview code (it no longer relies on javascript:back(), but
it POSTs back to Edit.jsp). Fixes
BugUsingSSLWithMicrosoftInternetExplorerV6SpoilsPreviewFunction.
Hopefully.
* Added EditorAreaTag.
* Oops, %% would sometimes end in StackEmptyException;
teaches me to read javadocs.
2005-04-23 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* v2.2.7
* Fixed many issues with ~-escaping. It should now work with
practically all WikiMarkup; you should be able to escape
anything. Fixes Bug Back Slashes In Http String In A File
Causes File Not To Load, Bug Line Breaks In The Middle Of Text.
* Fixed some issues with %%-style generation: it now looks
at the rest of the line, and if it contains material, it will
emit a <span> instead of a <div>. This should make it
intuitively pretty logical. This should fix quite a many
complaints relating to styles, including
BugLineBreaksWithCSSFormating (partial), BugCSSInTables
2005-04-22 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* v2.2.6.
* Added ShortViewURLConstructor and move all
URLConstructors to the url-package. This makes it
possible to have short URLs *and* protect the access
to particular JSPs...
2005-04-21 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* v2.2.5
* You can now choose which Lucene analyzer to use
with "jspwiki.lucene.analyzer". Choose it according
to the primary language of the wiki.
* Lucene can now recover, if the index was locked
when JSPWiki was shut down.
2005-04-20 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* v2.2.4.
* Bug fix: TableOfContents plugin now properly calculates
the page variables.
* Bug fix: Deleted pages are no longer shown in the
RecentChanges listings.
* v2.2.3
* Added some sanity checks to the startup concerning
the work directory.
2005-04-19 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* v2.2.2.
* CachingProvider does now a bit more sanity checks
with the Lucene directory; this was a source of confusion
for some people. It's also more verbose.
2005-04-18 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* v2.2.1.
* Bug fix: RSS generation no longer does double encoding.
* Bug fix: CachingProvider would not notice new files.
2005-04-17 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>
* v2.2.0-beta. Yay! I don't know whether this version is really
ripe, but we just HAVE to get it out at some point.
* Fixed a small off-by-one error in SpamFilter.