From c0fa5b8ae4d7b4b5bb3c5693f14c27aae8abbc8b Mon Sep 17 00:00:00 2001 From: Starbeamrainbowlabs Date: Sat, 8 Aug 2020 22:01:12 +0100 Subject: [PATCH 01/14] Finish improvements to pageindex rebuilder also squash warning from stats engine during the firstrun wizard --- Changelog.md | 3 +++ core/05-functions.php | 38 +++++++++++++++++++++++++++++++++++- core/20-pageindex-loader.php | 37 +++++++++++++++++++++++++++++++---- modules/feature-stats.php | 6 +++++- 4 files changed, 78 insertions(+), 6 deletions(-) diff --git a/Changelog.md b/Changelog.md index 52cd242..8bfd539 100644 --- a/Changelog.md +++ b/Changelog.md @@ -7,6 +7,7 @@ Make sure you have PHP 7.3+ when you update past this point! It isn't the end of ### Added - [Module Api] Add new `search::invindex_term_getpageids`, and `search::invindex_term_getoffsets`, and `search::index_sort_freq` methods + - [Module Api] Add new `ends_with` and `filepath_to_pagename` core functions - Added new syntax features to PeppermintParsedown, inspired by ParsedownExtreme (which we couldn't get to work, and it wasn't working before as far as I can tell) - Checkboxes: `[ ]` and `[x]` after a bullet point or at the start of a line - Marked / highlighted text: `Some text ==marked text== more text` @@ -42,6 +43,7 @@ Make sure you have PHP 7.3+ when you update past this point! It isn't the end of - A warning is generated in PHP 7.2 and below = [please upgrade](https://www.php.net/supported-versions.php) to PHP 7.3+! (#200) - [security] The `Secure` cookie flag is now automatically added when clients use HTTPS to prevent downgrade-based session stealing attacks (control this with the new `cookie_secure` setting) - Standardised prefixes to (most) `error_log()` calls to aid clarity in multi-wiki environments + - Improved pageindex rebuilder algorithm to search for and import history revisions - this helps when converting data from another wiki format ### Fixed - Squashed a warning when using the fenced code block syntax @@ -58,6 +60,7 @@ Make sure you have PHP 7.3+ when you update past this point! It isn't the end of - Fixed an obscure warning when previewing PDFs (#202) - Ensure that the parent page exists when moving a page to be a child of a non-existent parent (#201) - Fixed templating (#203) + - Fixed warning from statistics engine during firstrun wizard ## v0.21.1-hotfix1 diff --git a/core/05-functions.php b/core/05-functions.php index 6848165..67d2630 100644 --- a/core/05-functions.php +++ b/core/05-functions.php @@ -159,6 +159,30 @@ function path_resolve(string $path, string $basePath = null) { return implode(DIRECTORY_SEPARATOR, $components); } +/** + * Converts a filepath to a page name. + * @param string $filepath The filepath to convert. + * @return string The extracted pagename. + */ +function filepath_to_pagename(string $filepath) : string { + global $env; + // Strip the storage prefix, but only if it isn't a dot + if(starts_with($filepath, $env->storage_prefix) && $env->storage_prefix !== ".") { + $filepath = substr($filepath, strlen($env->storage_prefix)); + // Strip the forward slash at the beginning + if($filepath[0] == "/" && $env->storage_prefix[-1] !== "/") + $filepath = substr($filepath, 1); + } + + if(preg_match("/\.r[0-9]+$/", $filepath) !== false) + $filepath = substr($filepath, 0, strrpos($filepath, ".r")); + + if(ends_with($filepath, ".md")) + $filepath = substr($filepath, 0, -3); + + return $filepath; +} + /** * Gets the name of the parent page to the specified page. * @apiVersion 0.15.0 @@ -303,10 +327,22 @@ function hide_email($str) * of $haystack. * @return bool Whether $needle can be found at the beginning of $haystack. */ -function starts_with($haystack, $needle) { +function starts_with(string $haystack, string $needle) : bool { $length = strlen($needle); return (substr($haystack, 0, $length) === $needle); } +/** + * Checks to see if $hackstack ends with $needle. + * The matching bookend to starts_with. + * @package core + * @param string $haystack The haystack to search.. + * @param string $needle The needle to look for. + * @return bool + */ +function ends_with(string $haystack, string $needle) : bool { + $length = strlen($needle); + return (substr($haystack, -$length) === $needle); +} /** * Case-insensitively finds all occurrences of $needle in $haystack. Handles diff --git a/core/20-pageindex-loader.php b/core/20-pageindex-loader.php index a973f67..d15e876 100644 --- a/core/20-pageindex-loader.php +++ b/core/20-pageindex-loader.php @@ -103,16 +103,45 @@ if(!file_exists($paths->pageindex)) if(function_exists("history_add_revision")) { $history_revs = glob_recursive($env->storage_prefix . "*.r*"); + // It's very important that we read the history revisions in the right order and that we don't skip any + usort($history_revs, function($a, $b) { + preg_match("/[0-9]+$/", $a, $revid_a); + $revid_a = intval($revid_a[0]); + preg_match("/[0-9]+$/", $b, $revid_b); + $revid_b = intval($revid_b[0]); + return $revid_a - $revid_b; + }); + $strlen_storageprefix = strlen($env->storage_prefix); foreach($history_revs as $filename) { - preg_match("/[0-9]+$/", "Main Page.md.r0", $revid); + preg_match("/[0-9]+$/", $filename, $revid); + error_log("raw revid | ".var_export($revid, true)); if(count($revid) === 0) continue; $revid = intval($revid[0]); - // TODO: Extract the pagename here (maybe a function is worth implementing if we haven't already?) + $pagename = filepath_to_pagename($filename); + $filepath_stripped = substr($filename, $strlen_storageprefix); - if($revid == 0 && ) { - + if(!isset($pageindex->$pagename->history)) + $pageindex->$pagename->history = []; + + if(isset($pageindex->$pagename->history[$revid])) + continue; + + error_log("pagename: $pagename, revid: $revid, pageindex entry: ".var_export($pageindex->$pagename, true)); + $newsize = filesize($filename); + $prevsize = 0; + if($revid > 0 && isset($pageindex->$pagename->history[$revid - 1])) { + $prevsize = filesize(end($pageindex->$pagename->history)->filename); } + $pageindex->$pagename->history[$revid] = (object) [ + "type" => "edit", + "rid" => $revid, + "timestamp" => filemtime($filename), + "filename" => $filepath_stripped, + "newsize" => $newsize, + "sizediff" => $newsize - $prevsize, + "editor" => "unknown" + ]; } } diff --git a/modules/feature-stats.php b/modules/feature-stats.php index 594401a..c0f74af 100644 --- a/modules/feature-stats.php +++ b/modules/feature-stats.php @@ -1,7 +1,7 @@ "Statistics", - "version" => "0.4.1", + "version" => "0.4.2", "author" => "Starbeamrainbowlabs", "description" => "An extensible statistics calculation system. Comes with a range of built-in statistics, but can be extended by other modules too.", "id" => "feature-stats", @@ -302,6 +302,10 @@ function update_statistics($update_all = false, $force = false) { global $settings, $env, $paths, $statistic_calculators; + // If the firstrun wizard isn't complete, then there's no point in updating the statistics index + if(isset($settings->firstrun_complete) && $settings->firstrun_complete == false) + return; + $stats_mtime = filemtime($paths->statsindex); // Clear the existing statistics if we are asked to recalculate them all From 5fed4cb5ab94da9668aae72f22d55ef277eedef7 Mon Sep 17 00:00:00 2001 From: Starbeamrainbowlabs Date: Sat, 8 Aug 2020 22:18:12 +0100 Subject: [PATCH 02/14] Bugfixx: improve rebustness of new filepath_to_pagename and pageindex rebuilder --- core/05-functions.php | 16 +++++++--------- core/20-pageindex-loader.php | 16 +++++++--------- 2 files changed, 14 insertions(+), 18 deletions(-) diff --git a/core/05-functions.php b/core/05-functions.php index 67d2630..746ec17 100644 --- a/core/05-functions.php +++ b/core/05-functions.php @@ -167,18 +167,16 @@ function path_resolve(string $path, string $basePath = null) { function filepath_to_pagename(string $filepath) : string { global $env; // Strip the storage prefix, but only if it isn't a dot - if(starts_with($filepath, $env->storage_prefix) && $env->storage_prefix !== ".") { - $filepath = substr($filepath, strlen($env->storage_prefix)); - // Strip the forward slash at the beginning - if($filepath[0] == "/" && $env->storage_prefix[-1] !== "/") - $filepath = substr($filepath, 1); - } + if(starts_with($filepath, $env->storage_prefix) && $env->storage_prefix !== ".") + $filepath = mb_substr($filepath, mb_strlen($env->storage_prefix)); - if(preg_match("/\.r[0-9]+$/", $filepath) !== false) - $filepath = substr($filepath, 0, strrpos($filepath, ".r")); + // If a revision number is detected, strip it + if(preg_match("/\.r[0-9]+$/", $filepath) > 0) + $filepath = mb_substr($filepath, 0, mb_strrpos($filepath, ".r")); + // Strip the .md file extension if(ends_with($filepath, ".md")) - $filepath = substr($filepath, 0, -3); + $filepath = mb_substr($filepath, 0, -3); return $filepath; } diff --git a/core/20-pageindex-loader.php b/core/20-pageindex-loader.php index d15e876..984fea6 100644 --- a/core/20-pageindex-loader.php +++ b/core/20-pageindex-loader.php @@ -22,25 +22,21 @@ if(!file_exists($paths->pageindex)) // Create a new entry $newentry = new stdClass(); - $newentry->filename = substr( // Store the filename, whilst trimming the storage prefix + $newentry->filename = mb_substr( // Store the filename, whilst trimming the storage prefix $pagefilename, mb_strlen(preg_replace("/^\.\//iu", "", $env->storage_prefix)) // glob_recursive trim the ./ from returned filenames , so we need to as well ); // Remove the `./` from the beginning if it's still hanging around - if(substr($newentry->filename, 0, 2) == "./") - $newentry->filename = substr($newentry->filename, 2); + if(mb_substr($newentry->filename, 0, 2) == "./") + $newentry->filename = mb_substr($newentry->filename, 2); $newentry->size = filesize($pagefilename); // Store the page size $newentry->lastmodified = filemtime($pagefilename); // Store the date last modified // Todo find a way to keep the last editor independent of the page index $newentry->lasteditor = "unknown"; // Set the editor to "unknown" - - - // POTENTIAL BUG: If $env->storage_prefix is not ., then this we need to be more intelligent here - - // Extract the name of the (sub)page without the ".md" - $pagekey = mb_substr($newentry->filename, 0, -3); + $pagekey = filepath_to_pagename($newentry->filename); + error_log("pagename '$newentry->filename' → filepath '$pagekey'"); if(file_exists($env->storage_prefix . $pagekey) && // If it exists... !is_dir($env->storage_prefix . $pagekey)) // ...and isn't a directory @@ -84,6 +80,7 @@ if(!file_exists($paths->pageindex)) } } + // If the initial revision doesn't exist on disk, create it (if it does, then we handle that later) if(function_exists("history_add_revision") && !file_exists("{$pagefilename}.r0")) { // Can't use module_exists - too early copy($pagefilename, "{$pagefilename}.r0"); $newentry->history = [ (object) [ @@ -111,6 +108,7 @@ if(!file_exists($paths->pageindex)) $revid_b = intval($revid_b[0]); return $revid_a - $revid_b; }); + // We can guarantee that the direcotry separator is present on the end - it's added explicitly earlier $strlen_storageprefix = strlen($env->storage_prefix); foreach($history_revs as $filename) { preg_match("/[0-9]+$/", $filename, $revid); From e710d558834dd689162ca137de570eaf17fed62d Mon Sep 17 00:00:00 2001 From: Starbeamrainbowlabs Date: Sun, 9 Aug 2020 13:03:40 +0100 Subject: [PATCH 03/14] makepathsafe: don't allow dots on their own Specifically, we don't want a single dot as a page name. This is because '.' has a special meaning on Linux: The current directory. --- core/05-functions.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/core/05-functions.php b/core/05-functions.php index 746ec17..429995a 100644 --- a/core/05-functions.php +++ b/core/05-functions.php @@ -289,6 +289,8 @@ function makepathsafe($string) $string = preg_replace("/\.+/", ".", $string); // Don't allow slashes at the beginning $string = ltrim($string, "\\/"); + // Don't allow dots on their own + $string = preg_replace(["/^\.\\/|\\/\.$/", "/\\/\.\\//"], ["", "/"], $string); return $string; } From 9a0b2d6ba71c8bc982125db6bfbdd5ea4b88140e Mon Sep 17 00:00:00 2001 From: Starbeamrainbowlabs Date: Sun, 9 Aug 2020 13:04:29 +0100 Subject: [PATCH 04/14] parser-parsedown: improve heading id documentation --- modules/parser-parsedown.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/parser-parsedown.php b/modules/parser-parsedown.php index 56aefa7..e3a0c79 100644 --- a/modules/parser-parsedown.php +++ b/modules/parser-parsedown.php @@ -1,7 +1,7 @@ "Parsedown", - "version" => "0.11.1", + "version" => "0.11.2", "author" => "Emanuil Rusev & Starbeamrainbowlabs", "description" => "An upgraded (now default!) parser based on Emanuil Rusev's Parsedown Extra PHP library (https://github.com/erusev/parsedown-extra), which is licensed MIT. Please be careful, as this module adds some weight to your installation.", "extra_data" => [ @@ -375,7 +375,7 @@ register_module([

Tips

  • Put 2 spaces at the end of a line to add a soft line break. Leave a blank line to add a head line break (i.e. a new paragraph).
    • -
  • You can add an id to a header that you can link to. Put it in curly braces after the heading name like this: # Heading Name {#HeadingId}. Then you can link to like like this: [[Page name#HeadingId}]]. You can also link to a heading id on the current page by omitting the page name: [[#HeadingId]].
    • +
  • If you don't like the default id given to a header, you can add a custom one instead. Put it in curly braces after the heading name like this: # Heading Name {#HeadingId}. Then you can link to like like this: [[Page name#HeadingId}]]. You can also link to a heading id on the current page by omitting the page name: [[#HeadingId]]. Finally, a heading id is automatically generated for every heading by default. Take the heading name, make it lowercase, and replace the spaces with dashes ., and that's the heading ID that you can link to (although sometimes some special characters are removed).

Extra Syntax

$settings->sitename's editor also supports some extra custom syntax, some of which is inspired by Mediawiki. From 272fdea0eebca7bef20126d09305c5e99e9e1e66 Mon Sep 17 00:00:00 2001 From: Starbeamrainbowlabs Date: Sun, 9 Aug 2020 17:11:12 +0100 Subject: [PATCH 05/14] parser-parsedown: tweak help again --- modules/parser-parsedown.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/parser-parsedown.php b/modules/parser-parsedown.php index e3a0c79..c69e6af 100644 --- a/modules/parser-parsedown.php +++ b/modules/parser-parsedown.php @@ -408,7 +408,8 @@ register_module([ {{{~}}}Outputs the requested page's name. {{{*}}}Outputs a comma separated list of all the subpages of the current page. {{{+}}}Shows a gallery containing all the files that are sub pages of the current page. - "); + +

Note that a page doesn't not need to be included as a template to use these variables."); if($settings->parser_ext_renderers_enabled) { $doc_help = "

$settings->sitename supports external renderers. External renderers take the content of a code fence block, like this:

```language_code

From 93bff0942227787f8730545989de9e60915be3a5 Mon Sep 17 00:00:00 2001
From: Starbeamrainbowlabs 
Date: Sun, 9 Aug 2020 23:53:29 +0100
Subject: [PATCH 06/14] Update hide_email implementation

It now requires Javascript to decode the email address. If this is a
problem for whatever reason, please get in touch by opening an issue. I
take accessibility very seriously.
---
 core/05-functions.php                | 38 ++++++++++++++--------------
 core/40-page-renderer.php            |  3 +--
 core/70-parser-engine.php            |  2 +-
 modules/feature-comments.php         |  8 +++---
 modules/feature-stats.php            |  4 +--
 modules/feature-user-preferences.php |  4 +--
 modules/page-export.php              | 10 +++-----
 modules/page-login.php               |  4 +--
 8 files changed, 35 insertions(+), 38 deletions(-)

diff --git a/core/05-functions.php b/core/05-functions.php
index 429995a..dbf8b74 100644
--- a/core/05-functions.php
+++ b/core/05-functions.php
@@ -295,30 +295,30 @@ function makepathsafe($string)
 }
 
 /**
- * Hides an email address from bots by adding random html entities.
- * @todo			Make this more clevererer :D
+ * Hides an email address from bots. Returns a fragment of HTML that contains the mangled email address.
  * @package core
- * @param	string	$str	The original email address
- * @return	string			The mangled email address.
+ * @param	string	$str			The original email address
+ * @param	string	$display_text	The display text for the resulting HTML - if null then the original email address is used.
+ * @return	string	The mangled email address.
  */
-function hide_email($str)
+function hide_email(string $email, string $display_text = null) : string
 {
-	$hidden_email = "";
-	for($i = 0; $i < strlen($str); $i++)
-	{
-		if($str[$i] == "@")
-		{
-			$hidden_email .= "&#" . ord("@") . ";";
-			continue;
-		}
-		if(rand(0, 1) == 0)
-			$hidden_email .= $str[$i];
-		else
-			$hidden_email .= "&#" . ord($str[$i]) . ";";
+	$enc = json_encode([ $email, $display_text ]);
+	$len = strlen($enc);
+	$pool = []; for($i = 0; $i < $len; $i++) $pool[] = $i;
+	$a = []; $b = [];
+	for($i = 0; $i < $len; $i++) {
+		$n = random_int(0, $len - $i - 1);
+		$j = array_splice($pool, $n, 1)[0]; $b[] = $j;
+		// echo("chose ".$enc[$j].", index $j, n $n\n");
+		$a[] = $enc[$j];
 	}
-
-	return $hidden_email;
+	$a = base64_encode(implode("|", $a));
+	$b = base64_encode(implode("|", $b));
+	$span_id = "he-".crypto_id(16);
+	return "[protected with javascript]";
 }
+
 /**
  * Checks to see if $haystack starts with $needle.
  * @package	core
diff --git a/core/40-page-renderer.php b/core/40-page-renderer.php
index 78710cd..ca46eb8 100644
--- a/core/40-page-renderer.php
+++ b/core/40-page-renderer.php
@@ -128,8 +128,7 @@ class page_renderer
 		if(!is_callable($function))
 		{
 			http_response_code(500);
-			$admin_email = hide_email($settings->admindetails_email);
-			exit(page_renderer::render("$settings->sitename - Module Error", "
$settings->sitename has got a misbehaving module installed that tried to register an invalid HTML handler with the page renderer. Please contact $settings->sitename's administrator {$settings->admindetails_name} at $admin_email."));
+			exit(page_renderer::render("$settings->sitename - Module Error", "
$settings->sitename has got a misbehaving module installed that tried to register an invalid HTML handler with the page renderer. Please contact $settings->sitename's administrator {$settings->admindetails_name} at ".hide_email($settings->admindetails_email)."."));
 		}
 
 		self::$part_processors[] = $function;
diff --git a/core/70-parser-engine.php b/core/70-parser-engine.php
index 9d003cb..293f867 100644
--- a/core/70-parser-engine.php
+++ b/core/70-parser-engine.php
@@ -45,7 +45,7 @@ function parse_page_source($source, $untrusted = false, $use_cache = true) {
 	if(!$settings->parser_cache || strlen($source) < $settings->parser_cache_min_size) $use_cache = false;
 	
 	if(!isset($parsers[$settings->parser]))
-		exit(page_renderer::render_main("Parsing error - $settings->sitename", "
Parsing some page source data failed. This is most likely because $settings->sitename has the parser setting set incorrectly. Please contact " . $settings->admindetails_name . ", your $settings->sitename Administrator."));
+		exit(page_renderer::render_main("Parsing error - $settings->sitename", "
Parsing some page source data failed. This is most likely because $settings->sitename has the parser setting set incorrectly. Please contact " . hide_email($settings->admindetails_email, $settings->admindetails_name) . ", $settings->sitename's Administrator."));
 	
 /* Not needed atm because escaping happens when saving, not when rendering *
 	if($settings->clean_raw_html)
diff --git a/modules/feature-comments.php b/modules/feature-comments.php
index d89af84..4640848 100644
--- a/modules/feature-comments.php
+++ b/modules/feature-comments.php
@@ -1,7 +1,7 @@
  "Page Comments",
-	"version" => "0.3.2",
+	"version" => "0.3.3",
 	"author" => "Starbeamrainbowlabs",
 	"description" => "Adds threaded comments to the bottom of every page.",
 	"id" => "feature-comments",
@@ -67,7 +67,7 @@ register_module([
 			if(!file_exists($comment_filename)) {
 				if(file_put_contents($comment_filename, "[]\n") === false) {
 					http_response_code(503);
-					exit(page_renderer::renderer_main("Error posting comment - $settings->sitename", "
$settings->sitename ran into a problem whilst creating a file to save your comment to! Please contact $settings->admindetails_name, $settings->sitename's administrator and tell them about this problem.
"));
+					exit(page_renderer::renderer_main("Error posting comment - $settings->sitename", "
$settings->sitename ran into a problem whilst creating a file to save your comment to! Please contact " . hide_email($settings->admindetails_email, $settings->admindetails_name) . ", $settings->sitename's administrator and tell them about this problem.
"));
 				}
 			}
 			
@@ -120,7 +120,7 @@ register_module([
 			// Save the comments back to disk
 			if(file_put_contents($comment_filename, json_encode($comment_data, JSON_PRETTY_PRINT)) === false) {
 				http_response_code(503);
-				exit(page_renderer::renderer_main("Error posting comment - $settings->sitename", "
$settings->sitename ran into a problem whilst saving your comment to disk! Please contact $settings->admindetails_name, $settings->sitename's administrator and tell them about this problem.
"));
+				exit(page_renderer::renderer_main("Error posting comment - $settings->sitename", "
$settings->sitename ran into a problem whilst saving your comment to disk! Please contact " . hide_email($settings->admindetails_email, $settings->admindetails_name) . ", $settings->sitename's administrator and tell them about this problem.
"));
 			}
 			
 			// Add a recent change if the recent changes module is installed
@@ -198,7 +198,7 @@ register_module([
 			
 			if(!file_put_contents($comment_filename, json_encode($comments))) {
 				http_response_code(503);
-				exit(page_renderer::render_main("Server Error - Deleting Comment - $settings->sitename", "
While $settings->sitename was able to delete the comment with the id " . htmlentities($target_id) . " on the page $env->page, it couldn't save the changes back to disk. Please contact $settings->admindetails_name, $settings->sitename's local friendly administrator about this issue.
"));
+				exit(page_renderer::render_main("Server Error - Deleting Comment - $settings->sitename", "
While $settings->sitename was able to delete the comment with the id " . htmlentities($target_id) . " on the page $env->page, it couldn't save the changes back to disk. Please contact " . hide_email($settings->admindetails_email, $settings->admindetails_name) . ", $settings->sitename's local friendly administrator about this issue.
"));
 			}
 			
 			exit(page_renderer::render_main("Comment Deleted - $settings->sitename", "
The comment with the id " . htmlentities($target_id) . " on the page $env->page has been deleted successfully. Go back to " . htmlentities($env->page) . ".
"));
diff --git a/modules/feature-stats.php b/modules/feature-stats.php
index c0f74af..8490f89 100644
--- a/modules/feature-stats.php
+++ b/modules/feature-stats.php
@@ -1,7 +1,7 @@
  "Statistics",
-	"version" => "0.4.2",
+	"version" => "0.4.3",
 	"author" => "Starbeamrainbowlabs",
 	"description" => "An extensible statistics calculation system. Comes with a range of built-in statistics, but can be extended by other modules too.",
 	"id" => "feature-stats",
@@ -58,7 +58,7 @@ register_module([
 				switch($stat_calculator["type"]) {
 					case "page-list":
 						if(!module_exists("page-list")) {
-							$content .= "
$settings->sitename doesn't current have the page listing module installed, so HTML rendering of this statistic is currently unavailable. Try contacting $settings->admindetails_name, $settings->sitename's administrator and asking then to install the page-list module.
";
+							$content .= "
$settings->sitename doesn't current have the page listing module installed, so HTML rendering of this statistic is currently unavailable. Try " . hide_email($settings->admindetails_email, "contacting $settings->admindetails_name") . ", $settings->sitename's administrator and asking then to install the page-list module.
";
 							break;
 						}
 						$content .= "
Count: " . count($stats->{$_GET["stat"]}->value) . "
\n";
diff --git a/modules/feature-user-preferences.php b/modules/feature-user-preferences.php
index f122536..1124a79 100644
--- a/modules/feature-user-preferences.php
+++ b/modules/feature-user-preferences.php
@@ -1,7 +1,7 @@
  "User Preferences",
-	"version" => "0.4",
+	"version" => "0.4.1",
 	"author" => "Starbeamrainbowlabs",
 	"description" => "Adds a user preferences page, letting people do things like change their email address and password.",
 	"id" => "feature-user-preferences",
@@ -135,7 +135,7 @@ register_module([
 			// Save the user's preferences
 			if(!save_userdata()) {
 				http_response_code(503);
-				exit(page_renderer::render_main("Error Saving Preferences - $settings->sitename", "
$settings->sitename had some trouble saving your preferences! Please contact $settings->admindetails_name, $settings->sitename's administrator and tell them about this error if it still occurs in 5 minutes. They can be contacted by email at this address: " . hide_email($settings->admindetails_email) . ".
"));
+				exit(page_renderer::render_main("Error Saving Preferences - $settings->sitename", "
$settings->sitename had some trouble saving your preferences! Please contact $settings->admindetails_name, $settings->sitename's administrator and tell them about this error if it still occurs in 5 minutes. They can be contacted by email at this address: ".hide_email($settings->admindetails_email).".
"));
 			}
 			
 			exit(page_renderer::render_main("Preferences Saved Successfully - $settings->sitename", "
Your preferences have been saved successfully! You could go back your preferences page, or on to the $settings->defaultpage.

diff --git a/modules/page-export.php b/modules/page-export.php
index b319932..ff05083 100644
--- a/modules/page-export.php
+++ b/modules/page-export.php
@@ -1,7 +1,7 @@
  "Export",
-	"version" => "0.5",
+	"version" => "0.5.1",
 	"author" => "Starbeamrainbowlabs",
 	"description" => "Adds a page that you can use to export your wiki as a .zip file. Uses \$settings->export_only_allow_admins, which controls whether only admins are allowed to export the wiki.",
 	"id" => "page-export",
@@ -40,8 +40,7 @@ register_module([
 			
 			$zip = new ZipArchive();
 			
-			if($zip->open($tmpfilename, ZipArchive::CREATE) !== true)
-			{
+			if($zip->open($tmpfilename, ZipArchive::CREATE) !== true) {
 				http_response_code(507);
 				exit(page_renderer::render("Export error - $settings->sitename", "Pepperminty Wiki was unable to open a temporary file to store the exported data in. Please contact $settings->sitename's administrator (" . $settings->admindetails_name . " at " . hide_email($settings->admindetails_email) . ") for assistance."));
 			}
@@ -52,10 +51,9 @@ register_module([
 					$zip->addFile($entry->uploadedfilepath);
 			}
 			
-			if($zip->close() !== true)
-			{
+			if($zip->close() !== true) {
 				http_response_code(500);
-				exit(page_renderer::render("Export error - $settings->sitename", "Pepperminty wiki was unable to close the temporary zip file after creating it. Please contact $settings->sitename's administrator (" . $settings->admindetails_name . " at " . hide_email($settings->admindetails_email) . ") for assistance."));
+				exit(page_renderer::render("Export error - $settings->sitename", "Pepperminty wiki was unable to close the temporary zip file after creating it. Please contact $settings->sitename's administrator (" . $settings->admindetails_name . " at " . hide_email($settings->admindetails_email) . ") for assistance (this might be a bug)."));
 			}
 			
 			header("content-type: application/zip");
diff --git a/modules/page-login.php b/modules/page-login.php
index 0bc7ac2..927db60 100644
--- a/modules/page-login.php
+++ b/modules/page-login.php
@@ -1,7 +1,7 @@
  "Login",
-	"version" => "0.9.5",
+	"version" => "0.9.6",
 	"author" => "Starbeamrainbowlabs",
 	"description" => "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.",
 	"id" => "page-login",
@@ -182,7 +182,7 @@ register_module([
 		
 		// Register a section on logging in on the help page.
 		add_help_section("30-login", "Logging in", "
In order to edit $settings->sitename and have your edit attributed to you, you need to be logged in. Depending on the settings, logging in may be a required step if you want to edit at all. Thankfully, loggging in is not hard. Simply click the "Login" link in the top left, type your username and password, and then click login.

-		
If you do not have an account yet and would like one, try contacting $settings->admindetails_name, $settings->sitename's administrator and ask them nicely to see if they can create you an account.
");
+		
If you do not have an account yet and would like one, try contacting " . hide_email($settings->admindetails_email, $settings->admindetails_name) . ", $settings->sitename's administrator and ask them nicely to see if they can create you an account.
");
 		
 		// Re-check the password hashing cost, if necessary
 		do_password_hash_code_update();

From 6bd71b89e25d913963ecf7a18c38083a6dc8c55b Mon Sep 17 00:00:00 2001
From: Starbeamrainbowlabs 
Date: Sun, 9 Aug 2020 23:54:58 +0100
Subject: [PATCH 07/14] Update changelog

---
 Changelog.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Changelog.md b/Changelog.md
index 8bfd539..90e57a1 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -44,6 +44,7 @@ Make sure you have PHP 7.3+ when you update past this point! It isn't the end of
  - [security] The `Secure` cookie flag is now automatically added when clients use HTTPS to prevent downgrade-based session stealing attacks (control this with the new `cookie_secure` setting)
  - Standardised prefixes to (most) `error_log()` calls to aid clarity in multi-wiki environments
  - Improved pageindex rebuilder algorithm to search for and import history revisions - this helps when converting data from another wiki format
+ - Improved spam protection when hiding email addresses. Javascript is now required to decode email addresses - please [get in touch](https://github.com/sbrl/Pepperminty-Wiki/issues/new) if this is a problem for whatever reason. I take accessibility _very_ seriously.
 
 ### Fixed
  - Squashed a warning when using the fenced code block syntax

From 89d835afa5e42df9fcda33eb3c04f5dc3b354a65 Mon Sep 17 00:00:00 2001
From: Starbeamrainbowlabs 
Date: Tue, 11 Aug 2020 01:02:17 +0100
Subject: [PATCH 08/14] Don't redirect when clicking on a redirect page in the
 recent changes list

---
 Changelog.md                       | 2 +-
 modules/feature-recent-changes.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Changelog.md b/Changelog.md
index 90e57a1..d7b5e62 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -50,7 +50,7 @@ Make sure you have PHP 7.3+ when you update past this point! It isn't the end of
  - Squashed a warning when using the fenced code block syntax
  - If a redirect page sends you to create a page that doesn't exist, a link back to the redirect page itself is now displayed
  - Really fix bots getting into infinite loops on the login page this time by marking all login pages as `noindex, nofollow` with a robots `` tag
- - Navigating to a redirect page from a page list will no longer cause you to automatically follow the redirect
+ - Navigating to a redirect page from a page list or the recent changes list will no longer cause you to automatically follow the redirect
  - Limited sidebar size to 20% of the screen width at most
  - Fix the [large blank space problem](https://github.com/sbrl/Pepperminty-Wiki/blob/master/Changelog.md#fixed-3) in all themes
  - Squashed the text `\A` appearing before tags at the bottom of pages for some users ([ref](https://gitter.im/Pepperminty-Wiki/Lobby?at=5f0632068342f4627401f145))
diff --git a/modules/feature-recent-changes.php b/modules/feature-recent-changes.php
index 817c699..4c66a64 100644
--- a/modules/feature-recent-changes.php
+++ b/modules/feature-recent-changes.php
@@ -305,7 +305,7 @@ function render_recent_change($rchange)
 			if($rchange_type === "revert")
 				$resultClasses[] = "reversion";
 			
-			$result .= "$pageDisplayHtml $editorDisplayHtml $timeDisplayHtml ($size_display)";
+			$result .= "$pageDisplayHtml $editorDisplayHtml $timeDisplayHtml ($size_display)";
 			break;
 			
 		case "deletion":

From b9cbfb76195616e99fe4e71fcfed6cf8fabf2d6c Mon Sep 17 00:00:00 2001
From: Starbeamrainbowlabs 
Date: Tue, 11 Aug 2020 01:06:03 +0100
Subject: [PATCH 09/14] Bump title & tag match weightings in search results

---
 Changelog.md              | 1 +
 peppermint.guiconfig.json | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/Changelog.md b/Changelog.md
index d7b5e62..92afd8b 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -45,6 +45,7 @@ Make sure you have PHP 7.3+ when you update past this point! It isn't the end of
  - Standardised prefixes to (most) `error_log()` calls to aid clarity in multi-wiki environments
  - Improved pageindex rebuilder algorithm to search for and import history revisions - this helps when converting data from another wiki format
  - Improved spam protection when hiding email addresses. Javascript is now required to decode email addresses - please [get in touch](https://github.com/sbrl/Pepperminty-Wiki/issues/new) if this is a problem for whatever reason. I take accessibility _very_ seriously.
+ - Bump weighting of title and tag matches in search results (delete the `search_title_matches_weighting` and `search_tags_matches_weighting` settings to get the new weightings)
 
 ### Fixed
  - Squashed a warning when using the fenced code block syntax
diff --git a/peppermint.guiconfig.json b/peppermint.guiconfig.json
index 999beda..e8f23b1 100644
--- a/peppermint.guiconfig.json
+++ b/peppermint.guiconfig.json
@@ -235,8 +235,8 @@
 	"avatars_size": { "type": "number", "description": "The image size to render avatars at. Does not affect the size they're stored at - only the inline rendered size (e.g. on the recent changes page etc.)", "default": 32},
 	"search_characters_context": { "type": "number", "description": "The number of characters that should be displayed either side of a matching term in the context below each search result.", "default": 75},
 	"search_characters_context_total": { "type": "number", "description": "The total number of characters that a search result context should display at most.", "default": 250 },
-	"search_title_matches_weighting": { "type": "number", "description": "The weighting to give to search term matches found in a page's title.", "default": 10 },
-	"search_tags_matches_weighting": { "type": "number", "description": "The weighting to give to search term matches found in a page's tags.", "default": 3 },
+	"search_title_matches_weighting": { "type": "number", "description": "The weighting to give to search term matches found in a page's title.", "default": 50 },
+	"search_tags_matches_weighting": { "type": "number", "description": "The weighting to give to search term matches found in a page's tags.", "default": 7 },
 	"search_didyoumean_enabled": { "type": "checkbox", "description": "Whether to enable the 'did you mean?' search query typo correction engine.", "default": false },
 	"search_didyoumean_editdistance": { "type": "number", "description": "The maximmum edit distance to search when checking for typos. Increasing this number causes an  exponential increase in the amount of computing power required to correct all spellings.", "default": 2 },
 	"search_didyoumean_cost_insert": { "type": "number", "description": "The insert cost to use when calculating levenshtein distances. If this value is changed then the did you mean index must be rebuilt.", "default": 1 },

From e7bdaed67949c33b8d7b272e9c2a36e818415f9d Mon Sep 17 00:00:00 2001
From: Starbeamrainbowlabs 
Date: Tue, 11 Aug 2020 01:07:59 +0100
Subject: [PATCH 10/14] tweak the weightings again

---
 peppermint.guiconfig.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/peppermint.guiconfig.json b/peppermint.guiconfig.json
index e8f23b1..9fa18c9 100644
--- a/peppermint.guiconfig.json
+++ b/peppermint.guiconfig.json
@@ -236,7 +236,7 @@
 	"search_characters_context": { "type": "number", "description": "The number of characters that should be displayed either side of a matching term in the context below each search result.", "default": 75},
 	"search_characters_context_total": { "type": "number", "description": "The total number of characters that a search result context should display at most.", "default": 250 },
 	"search_title_matches_weighting": { "type": "number", "description": "The weighting to give to search term matches found in a page's title.", "default": 50 },
-	"search_tags_matches_weighting": { "type": "number", "description": "The weighting to give to search term matches found in a page's tags.", "default": 7 },
+	"search_tags_matches_weighting": { "type": "number", "description": "The weighting to give to search term matches found in a page's tags.", "default": 15 },
 	"search_didyoumean_enabled": { "type": "checkbox", "description": "Whether to enable the 'did you mean?' search query typo correction engine.", "default": false },
 	"search_didyoumean_editdistance": { "type": "number", "description": "The maximmum edit distance to search when checking for typos. Increasing this number causes an  exponential increase in the amount of computing power required to correct all spellings.", "default": 2 },
 	"search_didyoumean_cost_insert": { "type": "number", "description": "The insert cost to use when calculating levenshtein distances. If this value is changed then the did you mean index must be rebuilt.", "default": 1 },

From b1381552f058b56635bf3946da7dcfb862448604 Mon Sep 17 00:00:00 2001
From: Starbeamrainbowlabs 
Date: Tue, 11 Aug 2020 15:46:34 +0100
Subject: [PATCH 11/14] feature-readingtime: improve algorithm by stripping
 markdown syntax

---
 modules/feature-readingtime.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/modules/feature-readingtime.php b/modules/feature-readingtime.php
index da23c87..bb01b7b 100644
--- a/modules/feature-readingtime.php
+++ b/modules/feature-readingtime.php
@@ -1,7 +1,7 @@
  "Reading time estimator",
-	"version" => "0.1",
+	"version" => "0.2",
 	"author" => "Starbeamrainbowlabs",
 	"description" => "Displays the approximate reading time for a page beneath it's title.",
 	"id" => "feature-readingtime",
@@ -44,7 +44,10 @@ register_module([
  * @return	array	An array in the form [ low_time, high_time ] in minutes
  */
 function estimate_reading_time(string $text, string $lang = "en") : array {
-	$chars_count = mb_strlen($text);
+	$chars_count = mb_strlen(preg_replace("/\s+?/", "", strtr($text, [
+		"[" => "", "]" => "", "(" => "", ")" => "",
+		"|" => "", "#" => "", "*" => ""
+	])));
 	$langs = [
 		"en" => (object) [ "cpm" => 987, "variance" => 118 ],
 		"ar" => (object) [ "cpm" => 612, "variance" => 88 ],

From 5a62a0455bf209cb2066e2cd5dad0a55de4031de Mon Sep 17 00:00:00 2001
From: Starbeamrainbowlabs 
Date: Tue, 11 Aug 2020 18:08:29 +0100
Subject: [PATCH 12/14] Bump version for first beta release of v0.22!

---
 Changelog.md | 2 +-
 apidoc.json  | 4 ++--
 package.json | 2 +-
 version      | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/Changelog.md b/Changelog.md
index 92afd8b..63c3153 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -2,7 +2,7 @@
 This file holds the changelog for Pepperminty Wiki. This is the master list of things that have changed (second only to the commit history!) - though the information for any particular release can also be found in the description of it's page for every release made on GitHub too.
 
 
-## v0.22-dev
+## v0.22-beta1
 Make sure you have PHP 7.3+ when you update past this point! It isn't the end of the world if you don't, but it will make you more secure if you do.
 
 ### Added
diff --git a/apidoc.json b/apidoc.json
index 499d3f9..4afd7a3 100644
--- a/apidoc.json
+++ b/apidoc.json
@@ -1,6 +1,6 @@
 {
 	"name": "Pepperminty Wiki",
-	"version": "0.21.0",
+	"version": "0.22.0",
 	"description": "A wiki in a box. This is the API documentation.",
-	"title": "Pepperminty Wiki (0.20)"
+	"title": "Pepperminty Wiki (0.22)"
 }
diff --git a/package.json b/package.json
index bf45227..e40ceb6 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "pepperminty-wiki",
-	"version": "0.21.0",
+	"version": "0.22.0-beta1",
 	"description": "A wiki in a box",
 	"main": "index.js",
 	"directories": {
diff --git a/version b/version
index 648d222..5cb421e 100644
--- a/version
+++ b/version
@@ -1 +1 @@
-v0.22-dev
+v0.22-beta1

From 8a05d79724acbc09c0cb81de3b32476f37bb7437 Mon Sep 17 00:00:00 2001
From: Starbeamrainbowlabs 
Date: Tue, 11 Aug 2020 18:13:47 +0100
Subject: [PATCH 13/14] similar pages: tweak text

---
 modules/feature-similarpages.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/feature-similarpages.php b/modules/feature-similarpages.php
index fbf6ea7..bccf8f4 100644
--- a/modules/feature-similarpages.php
+++ b/modules/feature-similarpages.php
@@ -74,7 +74,7 @@ register_module([
 			if($env->action !== "view")
 				return;
 			
-			$html = "