56 KiB
Changelog
This file holds the changelog for Pepperminty Wiki. This is the master list of things that have changed (second only to the commit history!) - though the information for any particular release can also be found in the description of it's page for every release made on GitHub too.
v0.24-beta2
- Added:
filter
GET parameter to thelist
action, which filters the list of pages to contain only those containing the specified substring. - Fixed: [Rest API] Documented
redirect
andredirected_from
GET params to theview
action. - Fixed: Typo on credits page
v0.24-beta1
Added
- Added support for embedding external YouTube and Vimeo videos (e.g.
![alt text](https://youtube.com/watch?v=pID0xQ2qnrQ)
)- If you know of a cool service that should be supported, please open an issue - YouTube and Vimeo were just the only 2 I could think of
- Known issue: specifying the size (i.e. with
| 500x400
inside the brackets()
there) doesn't currently work because iframes are weird
- Added oneboxing: rich previews for internal links. If an internal link with 3 square brackets (e.g.
[[[example]]]
) is on it's own with nothing before or after it on a line, then it'll be turned into a onebox- 2 new settings have also been added to control it:
parser_onebox_enabled
andparser_onebox_preview_length
- TODO: Update the dynamic help page for this.
- 2 new settings have also been added to control it:
- [Rest API] Add new
x-tags
HTTP header toraw
action (required for v2.2 of the android client app to edit pages!)
Changed
- Display returnto URL above the login form if present to further mitigate CSRF issues
- [Rest API] Return a 409 Conflict instead of a 200 OK on an edit conflict when saving a page in the
save
action, and addx-failure-reason
for more errors
Fixed
- Stats: Fix crash when loading the stats page
- Fix crash when leaving a top-level comment
- [security] Fixed an XSS vulnerability in the
format
GET parameter of thestats
action (thanks, @JamieSlome) - [security] Ensured that the
returnto
GET parameter leads you only to another place on your Pepperminty Wiki instance (thanks, @JamieSlome) - [security] Ensure that Javascript in SVGs never gets executed (it's too challenging to strip it, since it could be lurking in many different places - according to this answer even Inkscape doesn't strip all Javascript when asked to)
- [security] Fixed XSS when the
action
GET param doesn't match a known action - [security] User pages are now only savable in the HTTP API by either a moderator or the owning user (previously only the
edit
action was protected, so if you made a request direct to thesave
action, you could bypass the check) - StorageBox: Create SQLite DB if it doesn't exist explicitly with
touch()
, because some systems are weird - StorageBox: Fix crash when
index.php
is a symbolic link - Fixed erroneous additional entries in complex tables of contents
- Make
PeppermintParsedown::extract_page_names
more multibyte safe to avoid empty statistics
v0.23
Added
- Added HTTP API support for creating pages that don't yet have a name (#194)
- This allows for having a "create new page" button in your navigation links - e.g. edit
nav_links
,nav_links_extra
, ornav_links_bottom
in yourpeppermint.json
and add something like[ "+", "index.php?action=edit&unknownpagename=yes" ]
.
- This allows for having a "create new page" button in your navigation links - e.g. edit
- XML sitemap support with the new
page-sitemap
module (manual setup required for crawlers to notice it: see the documentation) - Experimental support for transparent handling of
[display text](./Page Name.md)
style internal links (disabled by default: enable theparser_mangle_external_links
setting and delete the._cache
directory to enable) - Added automatic system requirements indicator to first run (checks for various PHP extensions required for various different functions) - does not block you from proceeding, but does assist in first-time system configuration
Changed
- Updated the configuration guide to include count of how many settings we have
- Also send a
x-robots-tag: noindex, nofollow
HTTP header for the login page (Semrush Bot, you better obey this one) - Support
page
as either a GET parameter or a POST parameter (GET takes precedence over POST) - Preview generation: If php-imagick is not installed but required for a particular operation, return a proper error message
- File upload: If fileinfo is not installed, return a proper error message when someone attempts to upload a file
- Add
image/avif
(AVIF image),image/jxl
(JPEG XL image), andimage/heif
/image/heic
toupload_allowed_file_types
(you'll need to delete your entry inpeppermint.json
to get the new updated list)- Also added these and
flac
(which was already allowed as an upload by default) to the data size calculator on?action=help&dev=yes
- Also added these and
Fixed
- [security] Fixed some potential XSS attacks in the page editor
- [security] Fix stored XSS attack in the wiki name via the first run wizard CVE-2021-38600; low severity since it requires the site secret to do the initial setup & said initial setup can only be performed once (#222)
- [security] Fix reflected XSS attacks (CVE-2021-386001; arbitrary code execution in the user's browser due to unsanitized data) via the many different GET parameters in many different modules (#222)
- [security] Automatically run page titles through
htmlentities()
(#222) - Fixed a weird bug in the
stats-update
action causing warnings - search: Properly apply weightings of matches in page titles and tags
- Improved error handling on first run where the PHP Zip extension is not installed
- Also extract to
._extra_data
if the directory is empty - Add
sidebar_show
to the settings GUI and the configuration guide - Fix crash when using the search bar with PHP 8.0+
- Prefix the default value of the
logo_url
setting withhttps:
- Fix display of subpages in the sidebar, and also wrap subpage lists in a
<details />
element to allow collapsing them - Fix file upload error handling logic - a proper error page is now sent to the client
- Create theme gallery help section instead of overwriting the one entitled "Jumping to a random page".
- Fix broken character in recent changes log entry when moving pages
v0.22
No changes were made since the last release
Make sure you have PHP 7.3+ when you update past this point! It isn't the end of the world if you don't, but it will make you more secure if you do.
v0.22-beta3
Changed
- Don't emit custom CSS unless there's something to emit
Fixed
- Fixed
inbody:searchterm
advanced query syntax - Fixed inaccessible colours in the page list when using the dark theme
- Fixed invalid HTML generated by new
hide_email
implementation
v0.22-beta2
Added
- Added dark theme via
prefers-color-scheme
to configuration guide (see the stable channel guide here - will only be updated when v0.22 is released) - Added link thingy you can click next to each setting to jump right to it
- [docs] Documented the structure of
pageindex.json
andrecentchanges.json
Fixed
- Obfuscate the admin email address at the bottom of every page - we missed it in v0.22-beta1 (but got every other one though :P) (#205)
- Bugfix: Don't use
->text()
for recursion when parsing markdown - it resets->DefinitionData
, which breaks footnotes (#209) - Fix name of did you mean index:
didyoumeaninddex.sqlite
→didyoumeanindex.sqlite
(feature is disabled by default; manual renaming required)
Changed
- Disable parser cache by default to avoid issues because said cache isn't invalidated when it should be (and doing so would take more of a performance hit than leaving it on)
v0.22-beta1
Make sure you have PHP 7.3+ when you update past this point! It isn't the end of the world if you don't, but it will make you more secure if you do.
Added
- [Module Api] Add new
search::invindex_term_getpageids
, andsearch::invindex_term_getoffsets
, andsearch::index_sort_freq
methods - [Module Api] Add new
ends_with
andfilepath_to_pagename
core functions - Added new syntax features to PeppermintParsedown, inspired by ParsedownExtreme (which we couldn't get to work, and it wasn't working before as far as I can tell)
- Checkboxes:
[ ]
and[x]
after a bullet point or at the start of a line - Marked / highlighted text:
Some text ==marked text== more text
- Spoiler text:
Some text >!spoiler!< more text
orSome text ||spoiler|| more text
- Superscript:
Some text^superscript^ more text
- Subscript:
Some text~subscript~ more text
- Checkboxes:
- Added automatic table of contents! (#155)
- Put
[__TOC__]
on a line by itself to insert an automatic table of contents - Note that the level of heading generated can be controlled (or even removed) by the new
parser_toc_heading_level
setting
- Put
- Add
<meta name="theme-color" content="value" />
support with the newtheme_colour
setting. More information: MDN, caniuse. Also used by some platforms to customise embed accents when generating a rich snippet (e.g. Discord). - Added reading time estimate to the top of wiki pages - control it with the new
readingtime_enabled
setting (#172)- The algorithm used to estimate reading times is the as the one used in Firefox's reader mode
- Added similar page suggestions between the bottom of the page content and the comments - control it with the new
similarpages_enabled
andsimilarpages_count
settings. - Added absolute redirect support - use it like this:
# REDIRECT [display text](INSERT_REDIRECT_URL_HERE)
- It's disabled by default due to potential security issues with untrusted editors - enable it with the new
redirect_absolute_enable
setting (default:false
)
- It's disabled by default due to potential security issues with untrusted editors - enable it with the new
- Added new settings to control various features more precisely
comment_enabled
controls whether anyone is allowed to comment at all or notcomment_hide_all
determines whether the commenting system displays anything at all (if disabled, it's (almost) like thefeature-comments
doesn't exist - consider using the downloader to exclude the commenting system instead of enabling this setting)avatars_gravatar_enabled
determines whether redirects to gravatar.com should be performed if a user hasn't yet uploaded an avatar (if disabled then a blank image is returned instead of a redirect).
- PDF previews now show the browser's UI when embedded in pages with the
![alt text](File/somefile.png)
syntax - [Rest API] Add new
typeheader
GET parameter toraw
action (ref Firefox bug 1319262)
Changed
- New policy: Only officially supported versions of PHP are officially supported by Pepperminty Wiki.
- Fiddled with Parsedown & ParsedownExtra versions
- Removed ParsedownExtreme, as it wasn't doing anything useful anyway
- Don't worry, we've absorbed all the useful features (see above)
- NOTE TO SELF: Don't forget to update wikimatrix.org when we next make a stable release! (if you are reading this in the release notes for a stable release, please get in touch)
- Enabled horizontal resize handle on sidebar (but it doesn't persist yet)
- [security]
SameSite=Strict
is now set on all cookies in PHP 7.3+- This prevents session-stealing attacks from third-party origins
- This complies with the new samesite cookies rules.
- A warning is generated in PHP 7.2 and below = please upgrade to PHP 7.3+! (#200)
- [security] The
Secure
cookie flag is now automatically added when clients use HTTPS to prevent downgrade-based session stealing attacks (control this with the newcookie_secure
setting) - Standardised prefixes to (most)
error_log()
calls to aid clarity in multi-wiki environments - Improved pageindex rebuilder algorithm to search for and import history revisions - this helps when converting data from another wiki format
- Improved spam protection when hiding email addresses. Javascript is now required to decode email addresses - please get in touch if this is a problem for whatever reason. I take accessibility very seriously.
- Bump weighting of title and tag matches in search results (delete the
search_title_matches_weighting
andsearch_tags_matches_weighting
settings to get the new weightings)
Fixed
- Squashed a warning when using the fenced code block syntax
- If a redirect page sends you to create a page that doesn't exist, a link back to the redirect page itself is now displayed
- Really fix bots getting into infinite loops on the login page this time by marking all login pages as
noindex, nofollow
with a robots<meta />
tag - Navigating to a redirect page from a page list or the recent changes list will no longer cause you to automatically follow the redirect
- Limited sidebar size to 20% of the screen width at most
- Fix the large blank space problem in all themes
- Squashed the text
\A
appearing before tags at the bottom of pages for some users (ref) - Fixed an issue causing uploaded avatars not to render
- Fixed an obscure bug in the search engine when excluding terms that appear both in a page's title and body
- Squashed a warning at the top of search results (more insight is needed though to squash the inconsistencies in the search index that creep in though)
- Removed annoying scrollbars when editing long pages
- Fixed an obscure warning when previewing PDFs (#202)
- Ensure that the parent page exists when moving a page to be a child of a non-existent parent (#201)
- Fixed templating (#203)
- Fixed warning from statistics engine during firstrun wizard
v0.21.1-hotfix1
Note: If you're updating past this point, please change the value of the secret
property in your peppermint.json
!
Fixed
- [security] Fix security issue in the debug action
v0.21
Fixed
- Make
PEPPERMINT_THEME
environment variable work again when compiling on the command line - Fixed invalid HTML that was causing layout issues on the master settings page
v0.21-beta1
Added
- Watchlists! A new addition has been added to the more menu to add the current page to your personal watchlist
- An email will be sent to all users watching a page when an edit is saved to it (uses the PHP
mail()
function internally, via theemail_user()
internal Pepperminty Wiki utility function)
- An email will be sent to all users watching a page when an edit is saved to it (uses the PHP
- Email address verification
- Enabled by default. In order to receive emails users now need to verify their email address
- This is done via a verification email that's sent when you change your email address (even if your email address is the same when you change your preferences and you haven't yet verified it)
- A new
email_verify_addresses
setting has been added to control the functionality
- Added dark theme to the downloader (will be updated at the next stable release)
- Added initial mobile theme support to the default theme
- There's still a bunch of work to do in this department, but it's a bit of a challenge to do so without breaking desktop support
- Added autocomplete for tags when editing pages, powered by Awesomplete
- The new
editing_tags_autocomplete
setting - enabled by default - toggles it, but why would you want to turn it off? :P - It should be reasonably accessible, judging from all the aria tags I'm seeing
- Get in touch if you experience performance issues with fetching tag lists from your wiki
- The new
- A command-line interface!
- Wiki administrators with terminal/console access can now make use of a brand-new CLI by executing
php ./index.php
(warning: strange things will happen if the current working directory is not the directory that contains index.php and peppermint.json)
- Wiki administrators with terminal/console access can now make use of a brand-new CLI by executing
- Added new
anoncomments
setting to control whether anonymous users are allowed to make comments (disabled by default) - thanks to @SeanFromIT for suggesting it in #181 - Added markdown support for media captions (#184)
- Finally: Experimental didyoumean support. Ever made a typo in a search query? The new didyoumean engine can correct query terms that are up to 2 characters out!
- It's disabled by default (check out the new
search_didyoumean_enabled
setting), as it enabling it comes with a significant performance impact when typos are corrected (~0.8s-ish / typo is currently observed) - Uses the words in the search index as a base for corrections (so if you have a typo on a page, then it will correct it to the typo)
- The index does not currently update when you edit a page - this feature is still very experimental (please report any issues)
- A typo is a search query term that is both not a stop word and not found in the search index
- It's disabled by default (check out the new
Fixed
- Fixed weighted word support on search query analysis debug page
- Added missing apostrophes to stop words in search system. Regenerating your search index will now yield a slightly smaller index
- Fixed link loop when logging in for crawlers
- [security] Bugfix: Don't leak the PHP version in emails when expose_php is turned off
- Fixed handling of Unicode characters when emailing users - added new
email_subject_utf8
andemail_body_utf8
settings to control the new behaviour - Add new
email_debug_dontsend
setting for debugging emails sent by Pepperminty Wiki - Fixed pressing alt + enter to open a search in a new tab - it should no longer fail and briefly prompt to allow pop-ups
- Squashed a bug in the new upgraded get/set_array_simple search optimisation
- Updated Parsedown to squash warning in PHP 7.4+
- Trailing commas in the tags box will no longer result in empty tags being added to pages.
- Minor UI fixes
- Multiple tags in search results and on page lists now have a margin between them
- Newline characters (
\r
and\n
) are now replaced with spaces in internal links (#186, thanks @SeanFromIT!) - Inbuilt help documentation corrections (#185, thanks @SeanFromIT!)
- Fixed a warning message when a file fails to upload (thanks for the test file, @SeanFromIT)
- Really fix the dot problem from v0.20.3-hotfix3 that @SeanFromIT reported
Changed
- Improved the search indexing system performance - again
- Another search index rebuild is required
- Optimisation: Don't generate the list of pages for the datalist if it isn't going to be displayed (especially noticeable on wikis with lots of pages)
- Optimisation: Don't load the statistics index if it's not needed (also esp. noticeable on wikis with lots of pages)
- Optimisation: Refactor
stas_split()
to be faster (informal testing shows ~18% faster → 4% total time) - [Module Api] Optimisation: Remove
search::transliterate
because it has a huge overhead. Usesearch::$literator->transliterate()
instead. - [Module Api] Add new
absolute
andhtml
optional boolean arguments torender_timestamp()
- [Module Api]
search::extract_context()
andsearch::highlight_context()
now take in a parsed query (withsearch::stas_parse()
), not a raw string
Known bugs
- Wow, a new section! Haven't seen one of these before. Hopefully we don't see it too often.....
- The didyoumean search query typo correction engine does not currently update it's index when you save an edit to a page (the typo correction engine is still under development).
v0.20.3-hotfix3
- Squash password-based warning (#182, thanks, @SeanFromIT!)
- Fix double-dot issue in uploaded files (#182, thanks, @SeanFromIT!)
v0.20.2-hotfix2
- Update Parsedown to squash warnings in PHP 7.4
- Update the docs about how to get a copy
v0.20.1-hotfix1
- Fixed logic error in peppermint.json access checker (thanks, @nivex! #179)
v0.20
Just 1 change since the previous beta release.
- Add optional "say hi" button to first-run setup wizard
- You don't have to click it, but it would be cool if you did :-)
v0.20-beta1
Added
- Added automatic dark mode to default theme using
prefers-color-scheme
- [Module API] Added new
minify_css
module API function by refactoring the page renderer - [Module API] Change
page_renderer::is_css_url()
to require an argument - Added theme gallery, which can be accessed through a link in the master settings (if the new
feature-theme-gallery
module is present)- Theme gallery URLs can be added to the
css_theme_autoupdate_url
setting - A graphical interface can be used to switch between available themes from the galleries
- No external HTTP requests will be made without consent
- Themes from galleries auto-update every week by default (adjustable/disable-able with the
css_theme_autoupdate_interval
setting)
- Theme gallery URLs can be added to the
- Added mega-menu support to the
nav_links_extra
setting - the default value for thenav_links_extra
setting has now changed (delete/rename it in yourpeppermint.json
file to get the new version)- An object can now be used to define groups of items in the more menu
- Hopefully it now looks less cluttered :P
- Headings now have an automatic id if you don't specify one (part of #141)
- Server-side diagramming support! See the
parser_ext_renderers
setting for more information on how to configure it- It hooks into external programs such as nomnoml, plantuml, and
abcm2ps
(ABC musical notation rendering) - It's generic enough to allow you to hook into any program that takes an input of some source text, and output some form of image
- It hooks into external programs such as nomnoml, plantuml, and
Fixed
- Fixed a bug in the search query performance metrics
- Fill out the statistics help text
- Added table of contents to help page
- Squashed the large blank space that appears at the bottom of the page editor page when editing long pages
- Accessibility improvements - thanks, Firefox developer tools :D (if you're a screen reader / accessibility tool user and have feedback or any better ideas, please get in touch)
- Marked the user avatar on the top navigation bar as hidden for screen readers
- Added aria label to user preferences button
- Hide site logo from screen readers
- Lists of pages that have a specific tag will now be sorted alphabetically (Unicode characters should be handled correctly too)
- Support Unicode characters when sorting. If it's a list of something, then it's now sorted correctly (e.g. includes pages, tags, etc).
- Squashed a bunch of warnings about a non-static method in the page renderer
- Fixed a warning message in the
peppermint.json
access checker - Fixed footnote rendering (thanks again, @SeanFromIT!)
Changed
- Made
build.sh
build script more robust, especially when generating the documentation. - Vastly improved search engine performance
- A new SQLite-based index format is now used, so search indexes will need to be rebuilt (migrating would probably take longer than a rebuild :-/)
- New search query syntax
- When making remote requests, Pepperminty Wiki will now correctly set the user agent string
- The server's
expose_php
setting is respected - if it's disabled, then the PHP version will not be exposed. - Pepperminty Wiki shouldn't make remote requests without you asking it to - see above and the theme gallery
- The server's
- Improved peppermint.json.compromised error message - if it's still unclear, please let me know
- Fiddled with the extra data extractor, as it seems that some people were experiencing strange issues with
stream_get_meta_data()
- [Module API] Refactored the
errorimage()
function into core, added automatic image size calculation, and multi-line support
v0.19.4-hotfix4
- Fixed page revision id incrementing if you don't have a page called
history
on your wiki (thanks @SeanFromIT!)
v0.19.3-hotfix3
- Improve error messages in the extra data unpacker
- Change the extra data unpacker to us
tempnam()
instead oftmpfile()
, since some people appeared to be having issues with the other approach - Squash a deprecation warning caused by a typo (thanks, @SeanFromIT!)
v0.19.2-hotfix2
- Patched another crazy bug in the extra data system in the downloader
v0.19.1-hotfix1
- Patched the downloader which was throwing warnings when packing downloads
v0.19
(No changes have been made since the last beta release.)
v0.19-beta2
Changed
- Updated the theme of the new documentation
- Revised the writing modules section of the documentation
v0.19-beta1
The update that changed the world! Turn everything upside-down.
Fixed
- Fixed double-escaping of rendered HTML when nesting templates
- Squashed a warning if the search index doesn't exist yet
- Fixed a crash in the stats updater if no pages in the system have tags yet
- Consolidated
email
andemailAddress
fields into the latter in the user table (#167) - Fixed a crash when trying to access the user table when not logged in as an administrator.
- Fixed help text for the file upload module
- Squashed a warning when uploading a file
Added
- [Module API] Added new extra data system. See
parser-parsedown
andpage-edit
for an example.- Extra data is packed into a zip archive, which is packed into
index.php
via__halt_compiler();
- See the
parser-parsedown
andpage-edit
modules for examples on how to use it.
- Extra data is packed into a zip archive, which is packed into
- [Module API] Added new
delete_recursive()
function. - Added a new obvious link to the user table at the top of the master settings page.
- Added a new first-run wizard to help new users set up the basics of their wiki.
- It also checks to ensure that access to
peppermint.json
is blocked correctly (coming soon as a one-time check to pre-existing wikis) - Pre-existing wikis will not see this first-run wizard - a new
firstrun_complete
setting has been added that's automatically set to true if Pepperminty Wiki does a settings upgrade
- It also checks to ensure that access to
- Default to allowing lossless flac and ogg audio files to be uploaded
- Added new
minify_pageindex
setting, which defaults totrue
and causes the page index to be minified when saved. Improves performance slightly (especially on larger wikis as the page index grows), but makes debugging and ninja-edits more awkward. - [Module API] Added new
save_pageindex()
function which respects the above setting. - Added PDF preview using your browser's default PDF viewer!
- Added download button for unsupported file types
Changed
- Core sharding: split
core.php
into multiple files - Big update to the backend Markdown parser Parsedown
- Use Parsedown's new untrusted feature for comments
- Added new
all_untrusted
setting to allow treating everything as untrusted (default: false) - turn it on if your wiki allows anonymous edits
- Switch to nightdocs instead of docpress (the official docs will update & change URL on the next stable release)
- Add moar badges to the README & docs :D
Removed
Not often I have a removed section!
- [Module API] Remove remote file system in favour of the new extra data system. No more first-run downloads! They are all done at compile-time now.
v0.18
(No changes have been made since the last beta release.)
v0.18-beta1
Added
- Added inter-wiki link support via the new
feature-interwiki-links
module- Added
interwiki_index_location
setting to control the location of the interwiki index (which is a CSV file that is documented in the main Pepperminty Wiki documentation), which has to be specified in order for it to activate - Provides new module api functions:
interwiki_pagename_parse
,interwiki_pagename_resolve
,interwiki_get_pagename_url
, andis_interwiki_link
- Added
- Added new formats to the
recent-changes
action (append&format=XXX
to the url)- Added CSV support (
csv
) - Added Atom 1.0 feed support (
atom
) - All alternative formats for this action are advertised in via a
<link rel="alternate" />
in the<head>
now
- Added CSV support (
- Added
count
andoffset
GET parameters torecent-changes
action. - Added new
find_revisionid_timestamp()
function tofeature-recent-changes
module. - Added new parser output caching system!
- Saves to
._cache
in the data directory (alongside the pages themselves) - 2 new settings have been added:
parser_cache
andparser_cache_min_size
- Uses a hash of the content, the Pepperminty Wiki version, and the parser name as the cache id - so it should never serve stale content (unless you're actively working on particular areas of Pepperminty Wiki's codebase of course)
- Useful for longer pages
parser_cache_min_size
may need tuning for your specific installation (lower it if you regularly use features that are slow to parse; raise if it's the opposite)
- Saves to
- Internal links now show the page name on hover (inter-wiki links are also supported here)
Changed
- Completely reworked the README to refactor out the documentation to its own static site
- Updated the
{{{@}}}
templating variable to output a message if no parameters were specified instead of not parsing it at all - [Module API] Refactored the main
page_renderer
class- All static methods now have a consistent naming scheme
- Added
page_renderer::add_header_html()
Fixed
- Squashed a warning in the history revision system when creating new pages (thanks @tspivey for spotting this!)
- Standardise line endings to
\n
(linux) - Enhanced setup instructions in README.
- Long lines in code blocks now wrap correctly.
- The
export
action now correctly includes uploaded files alongside their descriptions
v0.17.1
Fixed
- Corrected default passwords. If you were having issues, try updating to this release, deleting
peppermint.json
and trying again (thanks for spotting this, @tspivey!)
v0.17
Fixed
- Removed stray debugging output
- Tweaked css to make new search context generation look better
v0.17-beta2
Fixed
- Fixed the cost-climbing bug in the last beta release
v0.17-beta1
Added
- [Module API] Added
save_settings()
convenience method - [Rest API] Add
user-add
andset-password
moderator actions - Added
random_page_exclude_redirects
setting that prevents therandom
action from returning redirect pages. - Added link to user table on the credits page
- Added history reversion via the
history-revert
action - Added
history_max_revisions
setting to allow control of the maximum number of revisions stored for a page- Takes effect every time a page revision is added
- Added page restore system
- A previous page revision can be restored with a single click from the page history page
- Added a new
history_revert_require_moderator
setting to control whether moderator privileges are required to use the functionality (regardless of setting a user must be logged in)
- HTTP/2.0 Server Push support!
- You'll need to make sure your web server has support turned on
- The CSS file specified in the
css
setting (url path must begin with a forward-slash) and the favicon (must not be adata:
url) are automatically pushed when rendering pages - 2 new settings have been added:
http2_server_push
for turning it on and off (defaults to on), andhttp2_server_push_items
for specifying custom resources to push (in case you design your own theme and want to push down the associated resources) - More information about
http2_server_push_items
in particular is available on the configuration info page (when this release is out, of course. Until then, check out the description inpeppermint.guiconfig.json
)
- Added
<meta name='generator' />
tag to all pages
Fixed
- Updated the search system to transliterate characters to better support searching pages that are written in other languages.
- You'll want to rebuild your search index via the button in the configuration panel, or the
invindex-rebuild
action.
- You'll want to rebuild your search index via the button in the configuration panel, or the
- [Security] Made the site secret generator cryptographically secure. If you created your wiki before this change, you might want to change your site secret in
peppermint.json
to something more secure with a site like random.org.- The PHP function
openssl_pseudo_random_bytes()
was being used before, but apparently that's not cryptographically secure.
- The PHP function
- [Module API] Fix
full_url()
logic - [Module API] Make
email_user()
correctly return email sending failures - Squashed a warning in the search redirector
- The search redirector will now check both the specified page name and the page name in Title Case
- Improve help text description of image captions displayed alongside images
- Fixed the page history page - it should now display all page revisions in valid HTML
- Fixed another bug in the search context generator
- Display an ellipsis at the beginning of a search context if it doesn't start at the beginning of a page
- Semicolons are no longer automatically included in greedy internal links.
- Pressing enter in the tag box now correctly previews instead of performing a smart restore
Changed
- Password hashing has been overhauled! A totally new-and-different system is being used now, so you'll need to rehash all your passwords.
- The
hash
action supports the new password hashing scheme. - Added
password_cost
,password_cost_time
, andpassword_cost_time_interval
settings password_cost
is recalculated automatically every week by default (it keeps track of this via thepassword_cost_time_lastcheck
'setting')
- The
- The
css
setting will now keep a value of auto, even whenpeppermint.json
is automatically updated by Pepperminty Wiki. - Optimised the search system a lot (#157 - ~2800ms searches now take ~450ms O.o)
- Tuned the default value for
search_characters_context
down to 75 (this won't be the case for existing wikis, so you'll need to adjust it manually) - Added new
search_characters_context_total
setting to control the maximum characters in a search context
- Tuned the default value for
- The
index
action's output should now be formatted nicely. - Restyled "matching tags" in the search results in the default stylesheet
- Added moar icons to the nav / more menus. Delete the appropriate entries in
peppermint.json
to get the updated ones!
v0.16
(No changes since v0.16-beta1)
v0.16-beta1
Added
- Add json support to the search action :D
- Added page moves to the recent changes page (#151)
- Hyperlinked image preview on file pages to the original image (#153)
- Added the commit hash Pepperminty Wiki was built against to the master settings configuration page, and the debug action
- Added user count statistic
- Added redirect page count statistic
- Add orphan pages statistic
- Add most linked-to pages statistic
- [Rest API] Added support for the
mode
parameter to therandom
action - [Rest API] Added
format
parameter torecentchanges
action - [Rest API] Added
comments-fetch
action to return a page's comments as JSON - [Rest API] Added
acquire-edit-key
action to allow scripts and other automated services (e.g. bots and mobile apps) to fetch an edit key for a specified page name. - [Rest API] Added extra headers to
save
action on failure to aid identification by automated services
Fixed
- Fixed various issues with both the module api & the rest api docs.
- Properly escaped content of short code box on file pages
- Display a more meaningful message to a logged in user if editing is disabled
- Fixed fetching the size of SVGs in some cases
- Fixed image captions in some cases (let me know if you still get warnings)
- Squashed warnings when you do a search with a forward slash (
/
) in your query - Fixed that age-old warning in the search results if you have pages with special characters! I learnt a lot about utf8 whilst fixing this one.... (#114)
- You'll need to rebuild your search index for this fix to fully take effect (call the
invindex-rebuild
action as a mod or better)
- You'll need to rebuild your search index for this fix to fully take effect (call the
- Normalise utf8 text to avoid duplicate ids and missing search results.
- Improved handling of mime types in some places in the API.
- [Rest API] Added
minified
option tostatus
action to reduce data usage slightly - Fixed floating images that have captions
- [Rest API] Fix
checklogin
action documentation - Fix link on credits page
- Made rebuild search index progress bar fill completely up when done & neatened up UI placement
Changed
- Disallow uploads if editing is disabled. Previously files could still be uploaded even if editing was disabled - unless
upload_enabled
was set tofalse
. - Added
x-login-required: yes
header to responses that redirect to the login page for easy detection by machines - Added
x-login-success: (yes|no)
header to login responses for easier machine parsing - Enhance the longest pages statistic rendering
Removed
- [Module API] Removed
accept_contains_mime
, as it's both unstable and currently unnecessary. Contributions for a better version are welcome!
v0.15.1
Added
- Added an input box with auto-generated short markdown embed code with copy button to file pages
Changed
- Added 1920 as a preset image size on file pages
Fixed
- Fix saving edits to pages with an ampersand in their name (#99)
- [Security] Fixed an authenticated denial-of-service attack when uploading a malicious SVG (ref XXE billion laughs attack, #152)
v0.15
(No changes since v0.15-beta2)
v0.15-beta2
Added
- Added "restore locally saved content" button to page editor
- [module api] Documented the remainder of the members of the
search
class
Fixed
- Moving a page will now move all the comments associated with it
- The page names on the page move success page are now encoded correctly to avoid html and url issues
- Clicking Login to post a comment will now take you back to the comments section of the page you were on upon completing the login process instead of the top of the page
v0.15-beta1
Added
- Statistics! (#97)
- Added a new statistics engine, which you can add your own statistic calculators to with
statistic_add
- Added action
stats
to view the calculated statistics - Statistics are automagically recalculated every day - this can be controlled with the
stats_update_interval
andstats_update_processingtime
settings
- Added a new statistics engine, which you can add your own statistic calculators to with
- Added new "« Parent Page" to subpages so that you can easily visit their parent pages
- Users can now delete their own comments, and users logged in as a moderator or better can delete anyone's comments.
- Added new
comment-delete
action - Comments are deleted entirely if they have no replies - otherwise the username & message are wiped
- Added new
- The
history
action now supportsformat=json
andformat=CSV
- Added tags next to the names of pages in the search results
- Added new
random_page_exclude
setting that allows you to exclude pages from the random action with a (PHP) regular expression - [module api] Added new
get_page_parent($pagename)
method. - [module api] Added new remote file system to download additional required files. Use it with
register_remote_file
Fixed
- Fixed invalid opensearch description.
- When deleting a page, if
feature-comments
is installed, all the comments attached to the page are deleted too - Fixed paths when generating previews in certain environments
- Fixed handling of pages and tags with single quotes in the name
- Fixed weirdness on some pages rendered by the Pepperminty Wiki core
- Fixed a few minor usability issues on the upload file page.
- Removed some extra at the bottom of some pages.
- The
raw
action now sends a 404 if the request page doesn't exist on the wiki.
Changed
- Make
invindex-rebuild
admin-only, but allow access if the POST paramsecret
is set to your secret inpeppermint.json
- Improved the wording of the deletion confirmation and error pages
- Search now searches matching tags as well as pages
- Updated the search ranking algorithm to put more weight against longer words than shorter ones.
v0.14
Changed
- Improve the look of the downloader a bit. More work is needed here, apparently - I haven't touched it in ages!
v0.14-beta1
Added
- Commenting! You'll need to update any custom themes you've created if you're including the commenting module in your build.
- Added stacked bar to help you visualise what's taking up all the space in your wiki
- Added link to edit master settings in the credits
- Initial open search support!
- After visiting your wiki once, you'll be able to press
<tab>
when typing the path to your wiki to perform a search. - It'll only work if your wiki is at the top-level of a domain without anything after the
/
(subdomains are ok). This is a restriction of the protocol, not Pepperminty Wiki! - Supports sending search suggestions based on page names in the page index (based on case-insensitive leveshtein distance)
- After visiting your wiki once, you'll be able to press
- Avatars!
- Gravatar is used if a user hasn't uploaded an avatar yet
- An identicon is rendered if a user hasn't specified an email address or uploaded a gravatar yet either
- Added
avatars_show
andavatars_size
settings to control the displaying & size of rendered avatars. - Added the
avatar
action, which 307 redirects to the appropriate avatar image
- Added
has_action
to make detecting enabled features easier (even if they move modules) - Edit previewing, thanks to @ikisler
Changed
- Updated MathJax CDN link, as cdn.mathjax.org is being retired (source).
Fixed
- Fixed error image generation in the image previewer under certain conditions.
- Fixed warnings from being spewed all over the place under certain circumstances on the recent changes page
- Fixed url encoding issue in redirects with ampersands in page names (#139)
- Allow sending of OpenSearch description even when not logged in on wikis that require a login to work around some browser cookie issues
- PR #135: Fix repeated page names on sidebar by @ikisler
- PR #136: Fix issue where bottom nav is cut off by @ikisler
v0.13
(No changes were made between the last beta release and this release)
v0.13-beta2
Added
- Added new
query-searchindex
action to inspect the internals of the search engine- It returns the (ordered) search rankings as json, along with some additional debugging data
Fixed
- Clear the page id index out when rebuilding the search index from scratch.
- This is needed to correct some issues where the id index goes all weird and assigns the same id to multiple pages
- Don't search page titles or tags for stop words - it skews results since we don't search the page body for them
v0.13-beta1
Added
- Added header to upload file page.
- Added history support to the
raw
action. - Added 'smart save' to the page creator / editor. Nobody need ever loose edits ever again!
- Added dynamic server-calculated page suggestions. Very helpful for larger wikis. Currently works best in Firefox. Part of the
feature-search
module. - Added Alt + Enter support to the page search box. Works just like your browser's address bar - opens results in a new tab instead of the current one.
- Initial UI for configuring settings! Some things still have to be done by editing the file, but it's certainly a start :D
- User preferences!
- Accessible via the (by default) small cog next to your username when you're logged in
- The cog is customisable via the new
user_preferences_button_text
setting. - You can change your password
- There's link to the master site settings from user preferences for admins.
- [Module API] Added
$env->user_data
andsave_userdata()
to interact with the logged in users' data - User pages! Every page under
Users/
by default belongs to their respective users. e.g.Users/admin
and all the pages under it belong to theadmin
user, so no other user can edit them.- You can access your own user page by clicking on your username in the top corner when you're logged in.
- Added the
user_page_prefix
setting to allow customisation of where user pages should be located. Default value:Users
- [Module API] Added
get_user_pagename()
andextract_user_from_userpage()
to allow programmatic detection etc.
- Added a
user-list
action that, well, outputs a list of users. Includes links to their respective user pages (though redlinks aren't implemented here yet). - Internal links like
[[Page name]]s
will now link to the correct page in include the rest of the word. Note that this functionality can't be mixed with display text, like this:[[Page name|Display text]]s
- the rest of the word will be silently ignored in the link!
Changed
- Overhauled internal history logic - history logic is now done in core.
- Added
$env->page_filename
, which points to the current page on disk. - Changed the way different display modes are accessed. You can now use the new
mode
parameter to theview
action. It supports 4 different modes at present:normal
,printable
,contentonly
, andparsedsourceonly
. - Improved recent changes links a bit.
- Improved tabbing through the file upload form.
- Changed the way users' data is stored to support arbitrary per-user data
- Sorted list of registered actions on the dev help page
- The page editor's main content box now automatically expands as you're typing! If you've got a custom theme, you may need to tweak it a bit. Help available on request.
- Pages that are redirects how have their names appear in italics in search results.
Fixed
- The login session lifetime is now configurable (defaults to 24 hours), so you won't keep getting logged out all the time (in theory). (#113)
- Recent changes made on different days are now displayed separately, as they should be (#112)
- Always display footer message at the bottom of the page.
- Trim the image url before short image url detection (#108)
- Fixed huge issue with
contentonly
display mode. - Improved the search engine indexing algorithm. It now shouldn't choke on certain special characters (
[]{}|
) and will treat them as word boundaries. - Fixed tag links at the bottom of pages for tags with a single quote (
'
) in them. - Correct error message when attempting to move a page
- Improved security of PHP session cookie by setting
HttpOnly
flag. - Linked pages with single quotes (
'
) in their names correctly in page lists. - Fixed blank descriptions in search results by defaulting to a snippet from the beginning of the page.
v0.12.1
Fixed
- Added error detection to the code that loads
peppermint.json
.
v0.12.1-beta1
Added
- Added a class to the search term highlighting to aid theming (#92)
- Check for pages with various uppercased letter combinations for matching pages (#87)
- Support hashes in internal links (#96)
- Support hashes on redirect pages (#96)
- Added some tips to the parsedown parser help section
- Added some more stats to the dev help page (#97)
- Added the time taken to search to the search results page (#97)
- Added support for unicode characters in page names (#95)
- Autofill the name box on the file upload page when a new file is selected (#101)
- Redirect the user automatically from the login page on refresh if they are already logged in (#102)
- Suggest an appropriate filename when saving an automatically generated preview (#105)
- When using the default theme images will now not flow beyond the edge of the page.
Changed
- Made the background of tags slightly lighter (#91)
- Improved the appearance of the search context below each result.
- Tweaked display of result numbers in the search results.
- Allowed spaces in the filenames of images in the image syntax.
Fixed
- Critical: Make sure that all wiki related files are stored in the data directory (#89)
- Critical: Fixed a HTML injection attack possible through search context generation (#94)
- Sort the list of all the tags on a wiki (#88)
- Explicitly set permissions on parent directories created (#86)
- Allow
<tab>
characters to be entered into the editing page textarea (#84) - Fixed search context generation (#30)
- Fixed bug in page moving code.
- Prevented the page index data for parent pages from disappearing when a child page is edited (#98)
- Fixed file uploading when the data storage directory not the current directory (#100)
- Fixed pressing the edit button on pages that have a single quote in their name
- Fixed a spelling mistake on the file preview page - I'm sure I fixed that before...!
- Fixed an issue whereby the search index wouldn't update if your pages contained special characters
- Fixed an issue with the recent changes list not updating when the number of recently changes reached
settings.max_recent_changes
(#104) - Fixed changes disappearing from the recent changes page (#106)
v0.12
(No changes were made between the last beta release and this release)
v0.12-beta2
Changed
- Changed the revision display text ("Revision created by..." -> "Revision saved by...")
v0.12-beta1
Added
- Page history! Currently you can't do anything with the previous revisions - that will come in a future release.
- Implemented delayed indexing (#66)
- Added the time a page was last modified to the footer (#67)
- Added unified diff to edit conflict resolution pages (#64)
- Added image captions (#65)
- Added short syntax for images (#24)
Changed
- Added text "Tag List: " to tag listing pages
- Added checkerboard pattern behind transparent images on mouse hover on their preview pages.
- Improved support for SVGS.
- SVGs are sent as-is instead of a preview image unless
$settings->render_svg_previews
is set totrue
. - Added code to find the dimensions of an SVG.
- SVGs are sent as-is instead of a preview image unless
- Reduced the amount of space that the login bit in the top left takes up.
Fixed
- Fixed a bug in the idindex generator.
- Fixed an issue where you wouldn't be redirected correctly if you typed your password incorrectly
v0.11
Changed
- Set title of image to alt text
v0.11-beta2
Changed
- Redirect to audio / video in preview generator if the data storage directory is the current directory
Fixed
- Polyfill
getallheaders()
if it isn't present - Bugfix failed upload message
v0.11-beta1
Added
- Unlocked the uploading of any file type. Note that only the file types specified in the settings are allowed to be uploaded.
- Uploaded video and audio files can now be viewed on their respective pages
- The file preview tool is now aware that not everything will be an image.
- Enhanced the recent changes page.
- New pages show up with an 'N' next to them (as they do in a MediaWiki installation)
- Page deletions show up in red with a line though them
- Uploads show with an arrow next to them along with the size of the uploaded file
- Added mathematical expression parsing between dollar signs.
- Generated previews now have etags. This should speed up load times of subsequent requests significantly.
- Added some extra built-in variables to the parser.
{{{~}}}
: Displays the top level page name (i.e. the page that has been requested).{{{*}}}
: Displays a comma-separated list of subpages of the requested page.
- Links to non-existent pages are now coloured red by default.
Changed
- Enhanced the dev help page some more
- Changed the uploaded file preview generation to use imagemagick. You now need to have the
imagick
php extension installed (installation on linux:sudo apt-get install php-imagick
). - The uploaded file preview generation action will now return audio and video files as-is. This allows for HTML5 video / audio tags to be used to view audio and video files.
- Made username box autofocus on login page.
- Added tab indexes to editing form
Fixed
- Fixed the downloader
- Fixed an issue with the recent changes page and redirects causing a large number of warnings
- Fixed a number of issues with the parser
- Image urls may now contain ampersands ('&')
- Several warnings that were cropping up here and there due to bugs have been squashed
- Fixed an issue with multiple links in the same paragraph
- Fixed a number of issues with the image preview generator
- Requests for a previews of pages that don't have an associated file won't break anymore. An error image will now be returned instead.
- A number of things that were not compatible with PHP 7 have been updated to ensure compatibility.
- Conflict resolution. If someone saves an edit to a page after you started editing, you will get a conflict resolution page.
Notes
- Test the etag code!
v0.10
Added
- Added a license. Pepperminty Wiki is now licensed under the Mozilla Public License 2.0.
Fixed
- Corrected a minor error in the description of the page viewer module.
- Corrected a minor spelling mistake in the credits page.
v0.10-beta2
Fixed
- Added the moderator diamond next to the link to the update page in the credits.
- Corrected the version numbers of a large number of modules that I forgot to change.
v0.10-beta1
Added
- This changelog. It's long overdue I think!
- Added the all tags page to the "More..." menu by default.
- Added recent changes page under the action
recent-changes
. A link can be found in the "More..." menu by default. - Changed the cursor when hovering over a time to indicate that the tooltip contains more information.
- Added icons to the "More..." menu
- Added help section to parsedown parser.
- Added more information to the dev help page.
- Added templating! It works the way you'd expect it to in Mediawiki.
- Help section ids now show to the right of the help section headers by default.
Changed
- Improved appearance of the all pages list.
- Improved apparence of the tag list page.
- Added a link back to the list of tags on the list of pages with a particular tag.
- Upgraded help page. Modules can now register their own sections on a wiki's help page.
- Optimised search queries a bit.
- Save preprocessors now get passed an extra parameter, which contains the old page source.
- Changed the default parser to parsedown.
- Removed parsedown from the
parser-parsedown
module and replaced it with code that automatically downloads parsedown and parsedown extra on the first run. - Removed Slimdown addition from the parsedown parser and replaced it with a custom extension of parsedown extra.
- Moved printable button to bottom bar and changed display text to "Printable version".
- Redirect pages now show in italics in page lists.
- Made other minor improvements to the page lists.
Fixed
- Removed debug statement from the redirect page module.
- Improved the "There isn't a page called..." message you sometimes see when searching.
- Corrected a few minor spelling issues on the help page.
- The
recent-changes
module now has a proper help section.