panicsteve / w2wiki Goto Github PK

Big fan of your wiki, thanks for sharing!
Since I saw no license hint, I was wondering under which conditions you are releasing this code? I love what you've done and have started to adapt it to my use case already (see codeling/w2wiki); I'm feeling a bit queasy though because of the missing license information - would it be possible to add some hint regarding that? Thanks!

Is it possible to delete a page via the interface? Maybe something like a "Delete" button next to the "Edit" one?

Hi Steve,
First thing first, love your w2wiki so much and thank you so much for creating a simple but elegant solution.
This behaviour happens when I did as below

• Add a new content with some code which contains backslashes in code section (back tick)
• Save it
• All backslashes got removed.
• Edit it, re-add backslashed but double them this time.
• Save it. And now the view show the intended text.
• One of the two backslashes remains at each occurence.
• Edit again but not doing anything.
• Save it
• All backslashes are now gone.

I tried to remove that stripslashes call and all content looks fine. Any rationale for that call?
Cheers,
Nam

A link to [[A#B]] renders as w2wiki.org/index.php/A#B, and is eventually written to a file called "A".

The title says it all really. The demo at http://stevenf.com/w2demo/ no longer works

Looking at this recent commit, I wondered why only links and images should be specially treated for html entities; what specific forms of XSS are prevented by that?

The wiki in its current form allows for HTML to be entered as far as my tests are concerned; entering

<script>alert('Hello');</script>

on a page brings up an alert box...

Doesn't the htmlentities handling need to happen earlier (on $inText at the start of toHTML)? The one happening right before the end of toHTML doesn't do anything ($inText isn't used anymore after that), and would break the previously inserted images/links etc. anyway...

I've tried a fix in my fork: codeling@77cb75d
and it seems to at least prevent the simple XSS shown above.

I get warnings printed to my nginx error log on every page load. The page loads fine, it's just nice to remove this to make logs more readable.

2022/04/21 13:56:37 [error] 15114#15114: *324651 FastCGI sent in stderr: "PHP message: PHP Notice:  Undefined variable: text in /var/www/lexicon1/index.php on line 490" while reading response header from upstream, client: ::ffff:174.101.140.242, server: lexicon.za3k.com, request: "GET /index.php/LexiconOne HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.3-fpm.sock:", host: "lexicon.za3k.com"

HI

Could you please add a password function for edit pages / save changes, not only to access the wiki ?

CHEERS

You just updated the markdown libraries to add PHP 8 support. Unfortunately, this broke PHP 7.3 support. PHP 7.3 is the latest available in debian buster (one version ago, which I'm running), though 7.4 is available in the latest stable. The problems introduced were:

• public string, protected int etc are not available in 7.3. Many instances
• One => lambda function was added

readme.txt still says this supports PHP 4. Could you update the docs or fix the problem? Happy to provide a PR if you're okay patching the library as a solution, which is what I did.