From 0190e08763f0779d17433e95de9c7ad589805b71 Mon Sep 17 00:00:00 2001 From: Victor Bogado Date: Sun, 1 Jan 2017 18:58:31 -0800 Subject: [PATCH 01/35] Fix page list for files that have regexp special chars. The page list collection logic was using the filename without any scaping to create a regexp. This not only breaks for some names it might even be a security problem by introducing bad regular expression as filenames. --- lib/gollum/views/pages.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/gollum/views/pages.rb b/lib/gollum/views/pages.rb index ff11fcf7..cf9f8b4e 100644 --- a/lib/gollum/views/pages.rb +++ b/lib/gollum/views/pages.rb @@ -36,7 +36,8 @@ module Precious # 1012: Folders and Pages need to be separated @results.each do |page| - page_path = page.path.sub(/^#{@path}\//, '') + page_path = page.path + page_path = page_path.sub(/^#{Regexp.escape(@path)}\//, '') unless @path.nil? if page_path.include?('/') folder = page_path.split('/').first From 1edcf15bcdc267fd1e8af9549c0bcf247a4a76c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Albers?= Date: Tue, 10 Jan 2017 18:26:56 +0100 Subject: [PATCH 02/35] Add another video to README. --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 5523d98f..da08f880 100644 --- a/README.md +++ b/README.md 
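Review bot: In the new `page_path.sub(...)` line of lib/gollum/views/pages.rb the pattern is still anchored with `^`, which in Ruby matches at the start of any line rather than only at the start of the string, so a path containing a newline could have the prefix stripped from its middle. `\A` is the anchor that matches the intent: `page_path = page_path.sub(/\A#{Regexp.escape(@path)}\//, '') unless @path.nil?`. The commit message describes unescaped file names as a possible security problem, yet the patch touches only this file and adds no test; a regression test with a folder name containing characters such as `(`, `+` or `[` would pin the fix. The enclosing method begins and ends outside the hunk.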
@@ -23,7 +23,11 @@ For more information on Gollum's capabilities and pitfalls: 3. [Troubleshoot guide](https://github.com/gollum/gollum/wiki/Troubleshoot-guide). 4. [Security overview](https://github.com/gollum/gollum/wiki/Security). -For a quick impression of gollum, see [this video](https://www.youtube.com/watch?v=gj1qqK3Oku8). To see more advanced features in action, see [this video](https://www.youtube.com/watch?v=EauxgxsLDC4) here (installation with docker). +### Videos + +* [Quick impression of gollum](https://www.youtube.com/watch?v=gj1qqK3Oku8) +* [Gollum overview and simple markdown tutorial (german with english subtitles)](https://www.youtube.com/watch?v=wfWgDRmcbU4) +* [Advanced features in action](https://www.youtube.com/watch?v=EauxgxsLDC4) ## SYSTEM REQUIREMENTS From 9a2231804dcdae7a7edc382d795b0687ae5cad6e Mon Sep 17 00:00:00 2001 From: Connor Shea Date: Sat, 14 Jan 2017 19:10:17 -0500 Subject: [PATCH 03/35] Test on Ruby 2.4 --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index 18e4b577..3d36400e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,6 +4,7 @@ rvm: - 2.1.1 - 2.2.2 - 2.3.0 + - 2.4.0 - jruby-19mode before_install: - sudo apt-get update From af29c6e441ac11e576236e9d13552c615eed7106 Mon Sep 17 00:00:00 2001 From: Adam Niedzielski Date: Fri, 27 Jan 2017 15:15:50 +0100 Subject: [PATCH 04/35] Pass non-empty commit author details in transliteration test Empty name or email are not allowed by libgit2 and cause a test failure when the test suite is run against rugged_adapter. --- test/test_unicode.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/test_unicode.rb b/test/test_unicode.rb index 3dac8900..79e048ab 100644 --- a/test/test_unicode.rb +++ b/test/test_unicode.rb 
@@ -91,7 +91,7 @@ context "Frontend Unicode support" do test 'transliteration' do # TODO: Remove to_url once write_page changes are merged. - @wiki.write_page('ééééé'.to_url, :markdown, '한글 text', { :name => '', :email => '' }) + @wiki.write_page('ééééé'.to_url, :markdown, '한글 text', commit_details) page = @wiki.page('eeeee') assert_equal '한글 text', utf8(page.raw_data) end From a0f5a60ea0c8aca6a5a48ff18880a64ab24e6936 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jacquin=20Th=C3=A9o?= <42nimag@gmail.com> Date: Sun, 29 Jan 2017 00:39:39 +0100 Subject: [PATCH 05/35] Solve bug when folder contain non-ascii character MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When you create a file in a folder with non-ascii character, for exemple "Réseau", after creating the page, it throwed an "URI::InvalidURIError", given the fact that the url returned was "/Réseau/H%C3%A9y", only the part with the name of the file was correctly encoded. So I propose to encode every part of the url to solve this issue So I just --- lib/gollum/app.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/gollum/app.rb b/lib/gollum/app.rb index 0896a79f..2d2300ba 100644 --- a/lib/gollum/app.rb +++ b/lib/gollum/app.rb @@ -348,7 +348,7 @@ module Precious wiki.write_page(name, format, params[:content], commit_message, path) page_dir = settings.wiki_options[:page_file_dir].to_s - redirect to("/#{clean_url(::File.join(page_dir, path, encodeURIComponent(name)))}") + redirect to("/#{clean_url(::File.join(encodeURIComponent(page_dir), encodeURIComponent(path), encodeURIComponent(name)))}") rescue Gollum::DuplicatePageError => e @message = "Duplicate page: #{e.message}" mustache :error From e7e7937678c616a759a7eda0996a08b13581d6ba Mon Sep 17 00:00:00 2001 
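Review bot: In the new `redirect to(...)` line of lib/gollum/app.rb, `encodeURIComponent(path)` and `encodeURIComponent(page_dir)` each encode their argument as one component, so if the helper behaves like its JavaScript namesake the `/` separators inside a nested `path` such as `a/b` would come out as `%2F` and the redirect would no longer point at the page that was just written. Encoding segment by segment keeps the separators, e.g. `encoded_path = path.to_s.split('/').map { |seg| encodeURIComponent(seg) }.join('/')`, and likewise for `page_dir`. The helper's definition is not visible on this page, so this should be confirmed against gollum/uri_encode_component; a test that creates a page inside a nested non-ASCII folder would cover both the original bug and this case. The rest of the route body lies outside the hunk.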
From: "Daniel M. Capella" Date: Thu, 2 Feb 2017 00:48:22 +0000 Subject: [PATCH 06/35] readme: Use --document in place of deprecated options --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index da08f880..ac38141a 100644 --- a/README.md +++ b/README.md @@ -73,7 +73,7 @@ Installation examples for individual systems can be seen [here](https://github.c ``` * And install: ``` - [sudo] gem install --no-ri --no-rdoc pkg/gollum*.gem + [sudo] gem install --no-document pkg/gollum*.gem ``` ### Markups From ece5c775f12b16fc716e6372fc571366a65ce895 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Thu, 9 Mar 2017 17:34:37 +0100 Subject: [PATCH 07/35] Release 4.1.0 --- HISTORY.md | 6 ++++++ gollum.gemspec | 6 ++++-- lib/gollum.rb | 2 +- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index f5bdb4ff..fdbaf681 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,3 +1,9 @@ +# 4.1.0 /2016-03-09 + +* Added file deletion functionality to file view +* Various performance improvements +* Emoji support + # 4.0.0 /2015-04-11 * Now compatible with JRuby (via the [rjgit](https://github.com/repotag/rjgit) [adapter](https://github.com/repotag/gollum-lib_rjgit_adapter)) diff --git a/gollum.gemspec b/gollum.gemspec index 84be9fe6..d3d275b3 100644 --- a/gollum.gemspec +++ b/gollum.gemspec @@ -5,8 +5,8 @@ Gem::Specification.new do |s| s.required_ruby_version = '>= 1.9' s.name = 'gollum' - s.version = '4.0.1' - s.date = '2016-05-19' + s.version = '4.1.0' + s.date = '2017-03-09' s.rubyforge_project = 'gollum' s.license = 'MIT' @@ -41,6 +41,7 @@ Gem::Specification.new do |s| # = MANIFEST = s.files = %w[ + CONTRIBUTING.md Gemfile HISTORY.md LICENSE 
@@ -74,6 +75,7 @@ Gem::Specification.new do |s| lib/gollum/public/gollum/images/fileview/folder-horizontal.png lib/gollum/public/gollum/images/fileview/toggle-small-expand.png lib/gollum/public/gollum/images/fileview/toggle-small.png + lib/gollum/public/gollum/images/fileview/trashcan.png lib/gollum/public/gollum/images/icon-sprite.png lib/gollum/public/gollum/images/man_24.png lib/gollum/public/gollum/images/para.png diff --git a/lib/gollum.rb b/lib/gollum.rb index ca342ac9..8ee62f2c 100644 --- a/lib/gollum.rb +++ b/lib/gollum.rb @@ -16,7 +16,7 @@ require File.expand_path('../gollum/uri_encode_component', __FILE__) $KCODE = 'U' if RUBY_VERSION[0, 3] == '1.8' module Gollum - VERSION = '4.0.1' + VERSION = '4.1.0' def self.assets_path ::File.expand_path('gollum/public', ::File.dirname(__FILE__)) From 2d1e49e3f24747865fee4e376f07559c07bde300 Mon Sep 17 00:00:00 2001 From: Adam Niedzielski Date: Sat, 11 Mar 2017 19:28:31 +0100 Subject: [PATCH 08/35] Skip tests for transliteration for adapters different than grit --- test/test_app.rb | 5 +++++ test/test_unicode.rb | 3 +++ 2 files changed, 8 insertions(+) diff --git a/test/test_app.rb b/test/test_app.rb index 32ba29ea..5a273c65 100644 --- a/test/test_app.rb +++ b/test/test_app.rb @@ -30,6 +30,11 @@ context "Frontend" do # and in file names saved to disk # urls are not case sensitive assert_equal 'Title-Space', 'Title Space'.to_url + end + + test "translation" do + # we transliterate only when adapter is grit + return if defined?(Gollum::GIT_ADAPTER) && Gollum::GIT_ADAPTER != 'grit' # ascii only file names prevent UTF8 issues # when using git repos across operating systems diff --git a/test/test_unicode.rb b/test/test_unicode.rb index 79e048ab..22e00246 100644 --- a/test/test_unicode.rb +++ b/test/test_unicode.rb 
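Review bot: The early `return if defined?(Gollum::GIT_ADAPTER) && Gollum::GIT_ADAPTER != 'grit'` added to the new test in test/test_app.rb lets the test finish with no assertions under other adapters, so it is counted as passed and the run gives no sign that transliteration went unchecked; the same guard is added to `test 'transliteration'` in test/test_unicode.rb. If the test framework in use offers a skip or omit call, using it in both places would make the gap visible in the report. The new test is also named "translation" although its comment is about transliteration; `test "transliteration" do` would match.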
@@ -90,6 +90,9 @@ context "Frontend Unicode support" do end test 'transliteration' do + # we transliterate only when adapter is grit + return if defined?(Gollum::GIT_ADAPTER) && Gollum::GIT_ADAPTER != 'grit' + # TODO: Remove to_url once write_page changes are merged. @wiki.write_page('ééééé'.to_url, :markdown, '한글 text', commit_details) page = @wiki.page('eeeee') From 11c2bf7dae038e3c837f7020110bfa08d873012d Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Wed, 5 Apr 2017 23:05:24 +0200 Subject: [PATCH 09/35] Fix date. Closes #1211 --- HISTORY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/HISTORY.md b/HISTORY.md index fdbaf681..0c118986 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,4 +1,4 @@ -# 4.1.0 /2016-03-09 +# 4.1.0 /2017-03-09 * Added file deletion functionality to file view * Various performance improvements From f32d7465a2dc7d6ad28163783300514649addb41 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Fri, 14 Apr 2017 00:31:09 +0200 Subject: [PATCH 10/35] Set bar_side for versioned pages. Closes #1226 --- lib/gollum/app.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/gollum/app.rb b/lib/gollum/app.rb index 2d2300ba..de2a868a 100644 --- a/lib/gollum/app.rb +++ b/lib/gollum/app.rb @@ -464,6 +464,7 @@ module Precious @name = name @content = page.formatted_data @version = version + @bar_side = wikip.wiki.bar_side mustache :page elsif file = wikip.wiki.file("#{file_path}", version, true) show_file(file) From ba24a7bb8c53323a04e802812e4ef3f3fa36f451 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Mon, 17 Apr 2017 11:01:50 +0200 Subject: [PATCH 11/35] Update gemijione dependency. Closes #1227 --- gollum.gemspec | 2 +- lib/gollum/helpers.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/gollum.gemspec b/gollum.gemspec index d3d275b3..6e7c0026 100644 --- a/gollum.gemspec +++ b/gollum.gemspec 
@@ -29,7 +29,7 @@ Gem::Specification.new do |s| s.add_dependency 'sinatra', '~> 1.4', '>= 1.4.4' s.add_dependency 'mustache', ['>= 0.99.5', '< 1.0.0'] s.add_dependency 'useragent', '~> 0.16.2' - s.add_dependency 'gemojione', '~> 2' + s.add_dependency 'gemojione', '~> 3.2' s.add_development_dependency 'rack-test', '~> 0.6.2' s.add_development_dependency 'shoulda', '~> 3.5.0' diff --git a/lib/gollum/helpers.rb b/lib/gollum/helpers.rb index d140b932..b5fdb030 100644 --- a/lib/gollum/helpers.rb +++ b/lib/gollum/helpers.rb @@ -4,7 +4,7 @@ require 'gemojione' module Precious module Helpers - EMOJI_PATHNAME = Pathname.new(Gemojione.index.images_path).freeze + EMOJI_PATHNAME = Pathname.new(Gemojione.images_path).freeze # Extract the path string that Gollum::Wiki expects def extract_path(file_path) From 0870655455855c2bc18cbff729a36672e43c7923 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Mon, 17 Apr 2017 11:20:06 +0200 Subject: [PATCH 12/35] Release 4.1.1 --- gollum.gemspec | 4 ++-- lib/gollum.rb | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/gollum.gemspec b/gollum.gemspec index 6e7c0026..ab9fe318 100644 --- a/gollum.gemspec +++ b/gollum.gemspec @@ -5,8 +5,8 @@ Gem::Specification.new do |s| s.required_ruby_version = '>= 1.9' s.name = 'gollum' - s.version = '4.1.0' - s.date = '2017-03-09' + s.version = '4.1.1' + s.date = '2017-04-17' s.rubyforge_project = 'gollum' s.license = 'MIT' diff --git a/lib/gollum.rb b/lib/gollum.rb index 8ee62f2c..b1a12aa0 100644 --- a/lib/gollum.rb +++ b/lib/gollum.rb @@ -16,7 +16,7 @@ require File.expand_path('../gollum/uri_encode_component', __FILE__) $KCODE = 'U' if RUBY_VERSION[0, 3] == '1.8' module Gollum - VERSION = '4.1.0' + VERSION = '4.1.1' def self.assets_path ::File.expand_path('gollum/public', ::File.dirname(__FILE__)) From 71395907981575d343b2195d3fc20d6d5937c2ae Mon Sep 17 00:00:00 2001 
From: Dawa Ometto Date: Mon, 31 Jul 2017 18:01:37 +0200 Subject: [PATCH 13/35] Try fix travis --- .travis.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 3d36400e..782b6deb 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,7 +5,9 @@ rvm: - 2.2.2 - 2.3.0 - 2.4.0 - - jruby-19mode + - jruby-9.1.8.0 +jdk: + - oraclejdk8 before_install: - sudo apt-get update - sudo apt-get install libicu-dev From 2f864c5e15aeecbdece50e4227c27cc510832b7e Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Mon, 31 Jul 2017 18:09:32 +0200 Subject: [PATCH 14/35] Stop support for ruby 2.0.0 because it is not compatible with a safe nokogiri. See https://github.com/gollum/gollum-lib/issues/278 --- .travis.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 782b6deb..20bed23e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,5 +1,4 @@ rvm: - - 2.0.0 - 2.1.0 - 2.1.1 - 2.2.2 From e4f702d1e2181225ac9808d3027a54a82f0747a5 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Mon, 7 Aug 2017 17:40:49 +0200 Subject: [PATCH 15/35] Lock to newer gollum-lib to avoid falling back to unsafe nokogiri --- gollum.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gollum.gemspec b/gollum.gemspec index ab9fe318..fac08b9e 100644 --- a/gollum.gemspec +++ b/gollum.gemspec @@ -24,7 +24,7 @@ Gem::Specification.new do |s| s.rdoc_options = ['--charset=UTF-8'] s.extra_rdoc_files = %w[README.md LICENSE] - s.add_dependency 'gollum-lib', '~> 4.0', '>= 4.0.1' + s.add_dependency 'gollum-lib', '>= 4.2.7' s.add_dependency 'kramdown', '~> 1.9.0' s.add_dependency 'sinatra', '~> 1.4', '>= 1.4.4' s.add_dependency 'mustache', ['>= 0.99.5', '< 1.0.0'] From 6de0914788e2e8552d9c5386086ef74434f52e91 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Mon, 7 Aug 2017 17:54:00 +0200 Subject: [PATCH 16/35] Release 4.1.2 --- HISTORY.md | 4 ++++ gollum.gemspec | 4 ++-- lib/gollum.rb | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) 
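Review bot: The new constraint `s.add_dependency 'gollum-lib', '>= 4.2.7'` in gollum.gemspec sets the floor this commit wants but drops the previous `~> 4.0` ceiling, so any later major release of gollum-lib would also satisfy it and could be pulled in on install. Keeping both expresses the intent without widening the range: `s.add_dependency 'gollum-lib', '~> 4.2', '>= 4.2.7'`. A later patch in this series (26/35) restores a pessimistic bound in that form.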
diff --git a/HISTORY.md b/HISTORY.md index 0c118986..2771d077 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,3 +1,7 @@ +# 4.1.2 /2017-08-07 + +* Lock to a newer version of gollum-lib to avoid installing an outdated and vulnerable dependency (nokogiri) on ruby 2.0. See https://github.com/gollum/gollum-lib/pull/279. Note: this breaks semantic versioning so those using outdated rubies will discover the problem on update. + # 4.1.0 /2017-03-09 * Added file deletion functionality to file view diff --git a/gollum.gemspec b/gollum.gemspec index fac08b9e..25e60a4f 100644 --- a/gollum.gemspec +++ b/gollum.gemspec @@ -5,8 +5,8 @@ Gem::Specification.new do |s| s.required_ruby_version = '>= 1.9' s.name = 'gollum' - s.version = '4.1.1' - s.date = '2017-04-17' + s.version = '4.1.2' + s.date = '2017-08-07' s.rubyforge_project = 'gollum' s.license = 'MIT' diff --git a/lib/gollum.rb b/lib/gollum.rb index b1a12aa0..a1737118 100644 --- a/lib/gollum.rb +++ b/lib/gollum.rb @@ -16,7 +16,7 @@ require File.expand_path('../gollum/uri_encode_component', __FILE__) $KCODE = 'U' if RUBY_VERSION[0, 3] == '1.8' module Gollum - VERSION = '4.1.1' + VERSION = '4.1.2' def self.assets_path ::File.expand_path('gollum/public', ::File.dirname(__FILE__)) From 612267d322a6b3235cdd863d8dc4f543c411d704 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Tue, 14 Aug 2018 09:36:26 +0200 Subject: [PATCH 17/35] Update CONTRIBUTING.md Add GPG key --- CONTRIBUTING.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index c5496dbe..f7e0cb5a 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -21,6 +21,10 @@ Before submitting an issue, **please carefully look through the following places Lastly, please **consider helping out** by opening a Pull Request! +Serious bugs can be reported directly to the maintainers using these GPG keys: + +* [@dometto](https://pgp.mit.edu/pks/lookup?op=vindex&search=0xD637E455CD3E27BF) + ## Opening a Pull Request Pull Requests fixing bugs, implementing new features, or updating documentation and dependencies are all very welcome! If you would like to help out with the project, you can pick an open issue from the issue tracker. We're more than happy to help you get started! Here's how you can proceed: From c2258c449e85076ff4e898d34d1de0a9d78527c4 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Mon, 17 Sep 2018 21:57:52 +0200 Subject: [PATCH 18/35] Added necessary escaping --- gollum.gemspec | 6 +++--- lib/gollum/app.rb | 8 ++++---- lib/gollum/views/pages.rb | 4 ++-- test/test_pages_view.rb | 13 +++++++++++++ 4 files changed, 22 insertions(+), 9 deletions(-) diff --git a/gollum.gemspec b/gollum.gemspec index 25e60a4f..53a0ec18 100644 --- a/gollum.gemspec +++ b/gollum.gemspec @@ -5,8 +5,8 @@ Gem::Specification.new do |s| s.required_ruby_version = '>= 1.9' s.name = 'gollum' - s.version = '4.1.2' - s.date = '2017-08-07' + s.version = '4.1.3' + s.date = '2018-09-17' s.rubyforge_project = 'gollum' s.license = 'MIT' @@ -24,7 +24,7 @@ Gem::Specification.new do |s| s.rdoc_options = ['--charset=UTF-8'] s.extra_rdoc_files = %w[README.md LICENSE] - s.add_dependency 'gollum-lib', '>= 4.2.7' + s.add_dependency 'gollum-lib', '>= 4.2.9' s.add_dependency 'kramdown', '~> 1.9.0' s.add_dependency 'sinatra', '~> 1.4', '>= 1.4.4' s.add_dependency 'mustache', ['>= 0.99.5', '< 1.0.0'] diff --git a/lib/gollum/app.rb b/lib/gollum/app.rb index de2a868a..82577fe5 100644 --- a/lib/gollum/app.rb +++ b/lib/gollum/app.rb 
@@ -490,11 +490,11 @@ module Precious }x do |path| @path = extract_path(path) if path wiki_options = settings.wiki_options.merge({ :page_file_dir => @path }) - wiki = Gollum::Wiki.new(settings.gollum_path, wiki_options) - @results = wiki.pages - @results += wiki.files if settings.wiki_options[:show_all] + @wiki = Gollum::Wiki.new(settings.gollum_path, wiki_options) + @results = @wiki.pages + @results += @wiki.files if settings.wiki_options[:show_all] @results = @results.sort_by { |p| p.name.downcase } # Sort Results alphabetically, fixes 922 - @ref = wiki.ref + @ref = @wiki.ref mustache :pages end diff --git a/lib/gollum/views/pages.rb b/lib/gollum/views/pages.rb index cf9f8b4e..f90feb80 100644 --- a/lib/gollum/views/pages.rb +++ b/lib/gollum/views/pages.rb @@ -23,7 +23,7 @@ module Precious end end - breadcrumb.join(" / ") + @wiki.sanitizer.clean(breadcrumb.join(" / ")) else "Home" end @@ -60,7 +60,7 @@ module Precious result = Hash[folders.sort_by{| key, value | key.downcase} ].values.join("\n") + "\n" result += Hash[page_files.sort_by{ | key, value | key.downcase } ].values.join("\n") - result + @wiki.sanitizer.clean(result) else "" end diff --git a/test/test_pages_view.rb b/test/test_pages_view.rb index 9f279d0e..6fe23b75 100644 --- a/test/test_pages_view.rb +++ b/test/test_pages_view.rb @@ -2,6 +2,18 @@ require File.expand_path(File.join(File.dirname(__FILE__), 'helper')) require File.expand_path '../../lib/gollum/views/pages', __FILE__ +class FakeSane + def clean(data) + data + end +end + +class FakeWiki + def sanitizer + FakeSane.new + end +end + FakePageResult = Struct.new(:path) do def name File.basename(path, File.extname(path)).gsub("-", " ") @@ -27,6 +39,7 @@ end context "Precious::Views::Pages" do setup do @page = Precious::Views::Pages.new + @page.instance_variable_set("@wiki", FakeWiki.new) end test "breadcrumb" do From 7ada448bce4efb26ca0515bb6c1c7ce987b110a0 Mon Sep 17 00:00:00 2001 
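Review bot: `@wiki.sanitizer.clean(breadcrumb.join(" / "))` and `@wiki.sanitizer.clean(result)` in lib/gollum/views/pages.rb clean the markup only after page and folder names have already been concatenated into it, so the output depends on the sanitizer's allowlist rather than on each name being treated as text. The interpolation itself is outside these hunks, so how the strings are built is inferred, but escaping every name where it enters the HTML (for example `CGI.escapeHTML(name)`) would keep names containing `<` or `&` displayed literally, with the sanitizer left as a second layer. Both methods now also require `@wiki` to have been assigned by the route in app.rb, which deserves a comment such as `# @wiki is assigned by the pages route; needed to sanitize the output`. The bodies of both methods start outside the hunks.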
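Review bot: `FakeSane#clean` in test/test_pages_view.rb returns its input unchanged, so the existing view tests pass whether or not the view sanitizes anything, and the escaping this commit adds has no regression test. A test that renders a result whose path contains markup and asserts that the raw tag is absent from the output, run against the real sanitizer or a fake that records its calls, would pin the fix. `FakeWiki#sanitizer` also builds a new `FakeSane` on every call, which would have to change if the fake is meant to record anything.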
From: Dawa Ometto Date: Mon, 17 Sep 2018 22:29:34 +0200 Subject: [PATCH 19/35] Release 4.1.3 --- lib/gollum.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/gollum.rb b/lib/gollum.rb index a1737118..5e7a9106 100644 --- a/lib/gollum.rb +++ b/lib/gollum.rb @@ -16,7 +16,7 @@ require File.expand_path('../gollum/uri_encode_component', __FILE__) $KCODE = 'U' if RUBY_VERSION[0, 3] == '1.8' module Gollum - VERSION = '4.1.2' + VERSION = '4.1.3' def self.assets_path ::File.expand_path('gollum/public', ::File.dirname(__FILE__)) From 771ca331e9be157279571a3230ce2626c86f6d86 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Mon, 17 Sep 2018 22:44:09 +0200 Subject: [PATCH 20/35] Create ISSUE_TEMPLATE.md --- ISSUE_TEMPLATE.md | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 ISSUE_TEMPLATE.md diff --git a/ISSUE_TEMPLATE.md b/ISSUE_TEMPLATE.md new file mode 100644 index 00000000..41c40a26 --- /dev/null +++ b/ISSUE_TEMPLATE.md @@ -0,0 +1,7 @@ +**Note**: we are currently working on version 5.0 of gollum in an attempt to make it, better, faster, and easier to maintain. We will **not** be fixing issues with previous versions of gollum (4.x), except for security issues. + +Please submit only issues that are present in the `5.x` branch of this project. When submitting issues with `5.x`, please include the output of `gollum --versions` in your ticket. + +Please read [these guidelines](https://github.com/gollum/gollum/blob/master/CONTRIBUTING.md) before submitting your issue, and for info on reporting vulnerabilities. + +Finally: we need your help! Please consider chipping in by submitting a PR rather than just by reporting your issue. From 317ccef7c8d304e4fa4015baf441f3994f82c0ec Mon Sep 17 00:00:00 2001 
From: README Bot <35302948+codetriage-readme-bot@users.noreply.github.com> Date: Mon, 24 Sep 2018 10:34:40 -0500 Subject: [PATCH 21/35] Add CodeTriage badge to gollum/gollum (#1291) Adds a badge showing the number of people helping this repo on CodeTriage. --- CONTRIBUTING.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index f7e0cb5a..06b78fe0 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -19,12 +19,17 @@ Before submitting an issue, **please carefully look through the following places 1. The [README](https://github.com/gollum/gollum/blob/master/README.md). 1. The project's [wiki](https://github.com/gollum/gollum/wiki). -Lastly, please **consider helping out** by opening a Pull Request! - -Serious bugs can be reported directly to the maintainers using these GPG keys: +Security vulnerabilities can be reported directly to the maintainers using these GPG keys: * [@dometto](https://pgp.mit.edu/pks/lookup?op=vindex&search=0xD637E455CD3E27BF) +Lastly, please **consider helping out** by opening a Pull Request! + +## Triaging Issues [![Open Source Helpers](https://www.codetriage.com/gollum/gollum/badges/users.svg)](https://www.codetriage.com/gollum/gollum) + +You can triage issues which may include reproducing bug reports or asking for vital information, such as version numbers or reproduction instructions. If you would like to start triaging issues, one easy way to get started is to [subscribe to gollum on CodeTriage](https://www.codetriage.com/gollum/gollum). + + ## Opening a Pull Request Pull Requests fixing bugs, implementing new features, or updating documentation and dependencies are all very welcome! If you would like to help out with the project, you can pick an open issue from the issue tracker. We're more than happy to help you get started! Here's how you can proceed: From 90043a66cbf6995860da3601b316fb515c39e609 Mon Sep 17 00:00:00 2001 
From: Dawa Ometto Date: Mon, 24 Sep 2018 18:11:50 +0200 Subject: [PATCH 22/35] Update README.md Update badges --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index ac38141a..35b875ad 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,8 @@ gollum -- A git-based Wiki [![Gem Version](https://badge.fury.io/rb/gollum.svg)](http://badge.fury.io/rb/gollum) [![Build Status](https://travis-ci.org/gollum/gollum.svg?branch=master)](https://travis-ci.org/gollum/gollum) [![Dependency Status](https://gemnasium.com/gollum/gollum.svg)](https://gemnasium.com/gollum/gollum) +[![codecov](https://codecov.io/gh/gollum/gollum/branch/master/graph/badge.svg)](https://codecov.io/gh/gollum/gollum) +[![Open Source Helpers](https://www.codetriage.com/gollum/gollum/badges/users.svg)](https://www.codetriage.com/gollum/gollum) ## DESCRIPTION From 66d09b76c74dd7112374103fe5763c1c6e5812d1 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Mon, 24 Sep 2018 18:34:14 +0200 Subject: [PATCH 23/35] Update README.md Remove badges that aren't working. --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index 35b875ad..02a067b5 100644 --- a/README.md +++ b/README.md @@ -3,8 +3,6 @@ gollum -- A git-based Wiki [![Gem Version](https://badge.fury.io/rb/gollum.svg)](http://badge.fury.io/rb/gollum) [![Build Status](https://travis-ci.org/gollum/gollum.svg?branch=master)](https://travis-ci.org/gollum/gollum) -[![Dependency Status](https://gemnasium.com/gollum/gollum.svg)](https://gemnasium.com/gollum/gollum) -[![codecov](https://codecov.io/gh/gollum/gollum/branch/master/graph/badge.svg)](https://codecov.io/gh/gollum/gollum) [![Open Source Helpers](https://www.codetriage.com/gollum/gollum/badges/users.svg)](https://www.codetriage.com/gollum/gollum) ## DESCRIPTION From 43d3271b4eeba9ef32829d40a071efad00cca2f6 Mon Sep 17 00:00:00 2001 
From: Dawa Ometto Date: Mon, 24 Sep 2018 18:40:08 +0200 Subject: [PATCH 24/35] Update .gitattributes Make github-linguist ignore files that aren't our own --- .gitattributes | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.gitattributes b/.gitattributes index 09ab669c..afeecfed 100644 --- a/.gitattributes +++ b/.gitattributes @@ -30,3 +30,11 @@ gollum text # Denote all files that are truly binary and should not be modified. *.png binary *.jpg binary + +# Make github-linguist ignore files that aren't our own + +lib/gollum/public/gollum/* linguist-vendored +lib/gollum/public/gollum/javascript/gollum* linguist-vendored=false +lib/gollum/public/gollum/javascript/*/gollum* linguist-vendored=false +lib/gollum/public/gollum/css linguist-vendored=false + From 93f6b0373a1872508242e1dd6de50956777604fc Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Mon, 24 Sep 2018 19:41:36 +0200 Subject: [PATCH 25/35] Update README.md Update supported rubies. --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 02a067b5..482f2bd2 100644 --- a/README.md +++ b/README.md @@ -33,9 +33,9 @@ For more information on Gollum's capabilities and pitfalls: | Operating System | Ruby | Adapters | Supported | | ---------------- | -------------- | ------------------ | --------- | -| Unix/Linux-like | Ruby 1.9.3+ | all except [RJGit](https://github.com/repotag/rjgit) | yes | +| Unix/Linux-like | Ruby (MRI) 2.1.0+ | all except [RJGit](https://github.com/repotag/rjgit) | yes | | Unix/Linux-like | [JRuby](https://github.com/jruby/jruby) (1.9.3+ compatible) | [RJGit](https://github.com/repotag/rjgit) | yes | -| Windows | Ruby 1.9.3+ | all except [RJGit](https://github.com/repotag/rjgit) | no | +| Windows | Ruby (MRI) 2.1.0+ | all except [RJGit](https://github.com/repotag/rjgit) | no | | Windows | [JRuby](https://github.com/jruby/jruby) (1.9.3+ compatible) | [RJGit](https://github.com/repotag/rjgit) | almost1 | **Notes:** 
From 9048d6a03d3eaf1b05ab9c453cd2885962d86c35 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Mon, 1 Oct 2018 13:30:07 +0200 Subject: [PATCH 26/35] Depend on newest gollum-lib for patched sanitize version --- HISTORY.md | 8 ++++++++ gollum.gemspec | 7 ++++--- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index 2771d077..d8b15041 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,3 +1,11 @@ +# 4.1.4 /2018-01-10 + +* Depend on new version of gollum-lib that relies on a patched version of sanitize, which solves a vulnerability (CVE-2018-3740). See https://github.com/gollum/gollum-lib/pull/296. + +# 4.1.3 /2018-17-09 + +* Solves a vulnerability in the File view and All Pages view that would allow XSS. + # 4.1.2 /2017-08-07 * Lock to a newer version of gollum-lib to avoid installing an outdated and vulnerable dependency (nokogiri) on ruby 2.0. See https://github.com/gollum/gollum-lib/pull/279. Note: this breaks semantic versioning so those using outdated rubies will discover the problem on update. diff --git a/gollum.gemspec b/gollum.gemspec index 53a0ec18..be5aee68 100644 --- a/gollum.gemspec +++ b/gollum.gemspec @@ -5,8 +5,8 @@ Gem::Specification.new do |s| s.required_ruby_version = '>= 1.9' s.name = 'gollum' - s.version = '4.1.3' - s.date = '2018-09-17' + s.version = '4.1.4' + s.date = '2018-10-01' s.rubyforge_project = 'gollum' s.license = 'MIT' @@ -24,7 +24,7 @@ Gem::Specification.new do |s| s.rdoc_options = ['--charset=UTF-8'] s.extra_rdoc_files = %w[README.md LICENSE] - s.add_dependency 'gollum-lib', '>= 4.2.9' + s.add_dependency 'gollum-lib', '~> 4.2', '>= 4.2.10' s.add_dependency 'kramdown', '~> 1.9.0' s.add_dependency 'sinatra', '~> 1.4', '>= 1.4.4' s.add_dependency 'mustache', ['>= 0.99.5', '< 1.0.0'] @@ -44,6 +44,7 @@ Gem::Specification.new do |s| CONTRIBUTING.md Gemfile HISTORY.md + ISSUE_TEMPLATE.md LICENSE README.md Rakefile From 02fd12339fd7e207f460bf582e7aabba7deb3408 Mon Sep 17 00:00:00 2001 
From: Dawa Ometto Date: Mon, 1 Oct 2018 13:30:14 +0200 Subject: [PATCH 27/35] Release 4.1.4 --- lib/gollum.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/gollum.rb b/lib/gollum.rb index 5e7a9106..4f5f7181 100644 --- a/lib/gollum.rb +++ b/lib/gollum.rb @@ -16,7 +16,7 @@ require File.expand_path('../gollum/uri_encode_component', __FILE__) $KCODE = 'U' if RUBY_VERSION[0, 3] == '1.8' module Gollum - VERSION = '4.1.3' + VERSION = '4.1.4' def self.assets_path ::File.expand_path('gollum/public', ::File.dirname(__FILE__)) From b0ad3265e717dfbea2f006e03688e28b373147d3 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Mon, 1 Oct 2018 18:51:41 +0200 Subject: [PATCH 28/35] Announce Hacktober --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 482f2bd2..a9262142 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,5 @@ +## It's [Hacktober](https://hacktoberfest.digitalocean.com/)! Please consider helping out. Here are just some of the [issues](https://github.com/gollum/gollum/labels/Hacktoberfest) that could use your help. Also consider [subscribing](https://www.codetriage.com/gollum/gollum) on CodeTriage. + gollum -- A git-based Wiki ==================================== From 8f7108c56f2516ba7c21f1b61d4f70f7f0c3bfad Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Mon, 15 Oct 2018 10:40:53 +0200 Subject: [PATCH 29/35] Update README.md Remove bit about building gem from source. --- README.md | 23 ++++------------------- 1 file changed, 4 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index a9262142..48c2ef9f 100644 --- a/README.md +++ b/README.md 
@@ -58,25 +58,6 @@ Installation examples for individual systems can be seen [here](https://github.c **Notes:** * Whichever Ruby implementation you're using, Gollum ships with the appropriate default git adapter. So the above installation procedure is common for both MRI and JRuby. -* If you're installing from source: - * Optionally uninstall any previous versions of Gollum: - ``` - [sudo] gem uninstall -aIx gollum - ``` - * Install [Bundler](http://bundler.io/). - * Navigate to the cloned source of Gollum. - * Install dependencies: - ``` - [sudo] bundle install - ``` - * Build: - ``` - rake build - ``` - * And install: - ``` - [sudo] gem install --no-document pkg/gollum*.gem - ``` ### Markups @@ -177,3 +158,7 @@ Gollum comes with the following command line options: When `--config` option is used, certain inner parts of Gollum can be customized. This is used throughout our wiki for certain user-level alterations, among which [customizing supported markups](https://github.com/gollum/gollum/wiki/Formats-and-extensions) will probably stand out. **All of the mentioned alterations work both for Gollum's config file (`config.rb`) and Rack's config file (`config.ru`).** + +# Contributing + +Please consider helping out! See [here](CONTRIBUTING.md) for pointers on how to get started with development. From b93083667d0fff8bb93f5a81597d8922c116415c Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Mon, 15 Oct 2018 10:43:23 +0200 Subject: [PATCH 30/35] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 48c2ef9f..99770b04 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,4 @@ -## It's [Hacktober](https://hacktoberfest.digitalocean.com/)! Please consider helping out. Here are just some of the [issues](https://github.com/gollum/gollum/labels/Hacktoberfest) that could use your help. Also consider [subscribing](https://www.codetriage.com/gollum/gollum) on CodeTriage. +## It's [Hacktober](https://hacktoberfest.digitalocean.com/)! Please consider [helping out](CONTRIBUTING.md). Here are just some of the [issues](https://github.com/gollum/gollum/labels/Hacktoberfest) that could use your help. Also consider [subscribing](https://www.codetriage.com/gollum/gollum) on CodeTriage. gollum -- A git-based Wiki ==================================== From 874c20e69f30ca6d917c64803bb36ab5c531827c Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Mon, 15 Oct 2018 10:44:32 +0200 Subject: [PATCH 31/35] Update README.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 💄 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 99770b04..5235fcbf 100644 --- a/README.md +++ b/README.md @@ -159,6 +159,6 @@ When `--config` option is used, certain inner parts of Gollum can be customized. **All of the mentioned alterations work both for Gollum's config file (`config.rb`) and Rack's config file (`config.ru`).** -# Contributing +## CONTRIBUTING Please consider helping out! See [here](CONTRIBUTING.md) for pointers on how to get started with development. From f44367c31baac5c154888a9e09b2833fa62e1c61 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Sun, 2 Dec 2018 17:35:10 +0100 Subject: [PATCH 32/35] Remove Hacktoberfest Announcement --- README.md | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 5235fcbf..db35e04e 100644 --- a/README.md +++ b/README.md 
@@ -1,5 +1,3 @@ -## It's [Hacktober](https://hacktoberfest.digitalocean.com/)! Please consider [helping out](CONTRIBUTING.md). Here are just some of the [issues](https://github.com/gollum/gollum/labels/Hacktoberfest) that could use your help. Also consider [subscribing](https://www.codetriage.com/gollum/gollum) on CodeTriage. - gollum -- A git-based Wiki ==================================== 
@@ -9,21 +7,18 @@ gollum -- A git-based Wiki ## DESCRIPTION -Gollum is a simple wiki system built on top of Git. A Gollum Wiki is simply a git repository (either bare or regular) of a specific nature: -* A Gollum repository's contents are human-editable, unless the repository is bare. Pages are unique text files which may be organized into directories any way you choose. Other content can also be included, for example images, PDFs and headers/footers for your pages. +Gollum is a simple wiki system built on top of Git. A Gollum Wiki is simply a git repository of a specific nature: +* A Gollum repository's contents are human-editable. Pages are unique text files which may be organized into directories any way you choose, as long as they have a recognized file extension. Other content can also be included, for example images, PDFs and headers/footers. * Gollum pages: - * May be written in a variety of [markups](#markups). - * Can be edited with your favourite system editor or IDE (changes will be visible after committing) or with the built-in web interface. - * Can be displayed in all versions (commits). + * May be written in a variety of [markup languages](#markups). + * Can be edited with your favourite system editor or IDE or with the built-in web interface. + * Can be displayed in all versions, and can easily be rolled back. +* Gollum supports advanced functionality like UML diagrams, macros, metadata, and [more](https://github.com/gollum/gollum/wiki). -Gollum can be launched either as a webserver (with the web interface) or in "console mode", where you can use a predefined API to query and manipulate the repository. For more information, see the [Running](#running) and [Configuration](#configuration) sections. - -For more information on Gollum's capabilities and pitfalls: - -1. [Syntax/capability overview for pages](https://github.com/gollum/gollum/wiki). -2. [Known limitations](https://github.com/gollum/gollum/wiki/Known-limitations). -3. 
[Troubleshoot guide](https://github.com/gollum/gollum/wiki/Troubleshoot-guide). -4. [Security overview](https://github.com/gollum/gollum/wiki/Security). +Some helpful documentation: +1. [Known limitations](https://github.com/gollum/gollum/wiki/Known-limitations). +2. [Troubleshoot guide](https://github.com/gollum/gollum/wiki/Troubleshoot-guide). +3. [Security overview](https://github.com/gollum/gollum/wiki/Security). ### Videos From 0de56202e978444b7ad0db90f5ad0458272d433d Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Mon, 12 Aug 2019 15:33:34 +0200 Subject: [PATCH 33/35] Attempt travis fix (#1392) --- .travis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 20bed23e..0c9d8e93 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,9 +4,9 @@ rvm: - 2.2.2 - 2.3.0 - 2.4.0 - - jruby-9.1.8.0 + - jruby-9.2.7.0 jdk: - - oraclejdk8 + - oraclejdk9 before_install: - sudo apt-get update - sudo apt-get install libicu-dev From 22e0fdc8223ff2a5e84ca238737e371d9a7b64b6 Mon Sep 17 00:00:00 2001 From: Olle Jonsson Date: Mon, 12 Aug 2019 16:03:05 +0200 Subject: [PATCH 34/35] Gemspec: drop EOL'd property rubyforge_project (#1391) --- gollum.gemspec | 1 - 1 file changed, 1 deletion(-) diff --git a/gollum.gemspec b/gollum.gemspec index be5aee68..27c9dc8e 100644 --- a/gollum.gemspec +++ b/gollum.gemspec @@ -7,7 +7,6 @@ Gem::Specification.new do |s| s.name = 'gollum' s.version = '4.1.4' s.date = '2018-10-01' - s.rubyforge_project = 'gollum' s.license = 'MIT' s.summary = 'A simple, Git-powered wiki.' From f0122cebb593b7b1594fb322a320a767646aed3b Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Fri, 27 Mar 2020 11:18:00 +0100 Subject: [PATCH 35/35] Created Home (markdown) --- Home.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 Home.md diff --git a/Home.md b/Home.md new file mode 100644 index 00000000..3b124649 --- /dev/null +++ b/Home.md @@ -0,0 +1 @@ +TEST \ No newline at end of file
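Review bot: In the `.travis.yml` hunk of PATCH 33/35, the `jdk:` entry moves from `oraclejdk8` to `oraclejdk9`, a non-LTS Java release whose public updates ended in March 2018, so the JRuby job would be built and tested on a JDK that no longer receives security fixes. An LTS OpenJDK build would be the safer pin, for example `- openjdk8` or `- openjdk11`, provided `jruby-9.2.7.0` runs on it in this CI image (worth confirming). The `rvm:` context lines also pin exact patch releases (`2.2.2`, `2.3.0`, `2.4.0`), so the matrix never exercises later patch-level security releases of those series; minor-only entries such as `- 2.4` should let Travis resolve a current patch release. The `rvm:` list begins outside the hunk, so there may be entries that are not visible here.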