See also SecurityAlertForZeroPointSix

commentary on 0.6 ChangeLog?:

  • wikinames must now start on a word boundary
  • added # and = to url regexp
  • try allowing numbers in wikinames

trying out more regexp tweaks. numeric digits must be at the end of a wikiname

  • added utility methods wiki_base_url & wiki_page_url

these solved ongoing problems I was having with maintaining consistent urls. I wanted an easy way to reference the current page or the folder that worked everywhere, and preserved acquisition paths unlike absolute_url. I couldn't find the right method so wrote these which made all my problems go away. Unfortunately they break virtual hosting. If you have this problem, change these methods to call absolute_url(). Better solution needed.

You have probably seen this very nice feature at zope.org or in the zwiki_examples. It provides parent-child relationships between pages and displays full or partial views of the tree as an orientation & navigation aid. Thank you Ken!

NB I'll turn this on here soon. I was wondering how to provide multiple views for this site while preserving the default url

  • added JimFulton's edit conflict safety belts for http & ftp

Jim has provided a bunch of enhancements & suggestions. The "safety belts" catch simultaneous edits (cf HowToAvoidEditingConflicts?) and prevent data from being overwritten. A timestamp is kept in a hidden field (http) or prepended to the file (ftp).

I just enabled this here on zwikiweb. NB this means no more backing up in browser to re-edit

NB I'm not sure that the http and ftp checks work together yet
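A sketch of the safety-belt check described above, added here as an illustration and not taken from Zwiki or from Jim's patch. The `Page` class, the `Edit-Timestamp:` header name and the counter used as a timestamp are all assumptions made for the example.

```python
import itertools

class EditConflict(Exception):
    """Raised when a save is based on a stale copy of the page."""

class Page:
    # Hypothetical stand-in for a wiki page; not Zwiki's own class.
    _clock = itertools.count(1)   # constructed monotonic "timestamp" source
    HEADER = "Edit-Timestamp: "   # assumed header name for the ftp variant

    def __init__(self, text=""):
        self.text = text
        self.stamp = str(next(self._clock))

    # http: the timestamp travels in a hidden form field
    def edit_form(self):
        return {"text": self.text, "timestamp": self.stamp}

    def save_http(self, text, timestamp):
        self._check(timestamp)
        self._store(text)

    # ftp: the timestamp is prepended to the downloaded file
    def ftp_get(self):
        return "%s%s\n\n%s" % (self.HEADER, self.stamp, self.text)

    def ftp_put(self, body):
        header, sep, text = body.partition("\n\n")
        if not sep or not header.startswith(self.HEADER):
            raise EditConflict("upload carries no timestamp header")
        self._check(header[len(self.HEADER):].strip())
        self._store(text)

    def _check(self, timestamp):
        # Reject any save whose copy predates the last stored change.
        if timestamp != self.stamp:
            raise EditConflict("page changed since this copy was fetched")

    def _store(self, text):
        self.text = text
        self.stamp = str(next(self._clock))  # invalidates all older copies

def simultaneous_edit():
    """Two editors open the same form; the second save must be refused."""
    page = Page("v1")
    first, second = page.edit_form(), page.edit_form()
    page.save_http("first editor's text", first["timestamp"])
    try:
        page.save_http("second editor's text", second["timestamp"])
    except EditConflict:
        return page.text  # the first editor's text survives
```

Because the timestamp is replaced on every save, a form reached with the browser's back button carries a stale value and is refused as well. The check only guards against accidental overwrites; the hidden field is client-supplied, so it is not an access control.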

  • added jim's permission & validation patch

see below

  • add & change zwiki page permissions are now functional

yay! you can now access-control some or all of your zwiki pages if you want

  • reorganized & expanded example content

demonstrated several kinds of wiki and some uses of acquisition

  • deemphasised DTML-enabled content where not needed - changed pages to structuredtext where possible, restricted permissions on the rest, changed the default page type to structuredtext

MikePelletier & Jim pointed out the trojan issue (ZopeSecurityWiki:TrojanIssueOverview) to me. Zwiki by nature is of course very vulnerable to this kind of attack. So a focus of this release was to close some of the gaping holes in at least the default installation. Regretfully I changed to a non-dtml default page type ('structuredtext' instead of 'structuredtextdtml'), and made most of the zwiki_examples non-dtml. Some of the default pages rely on dtml to function (recentchanges, jumpto, searchpage) so on these I disabled anonymous 'Change ZWiki Pages' permission by default. You shouldn't be able to install a wiki with executable content without realizing it.

Jim's validation patch above adds a useful safety measure: dtml code executed when viewing a zwiki page runs with the permissions of Anonymous, not the permissions of the current user. This had some ramifications for zwiki setup - anonymous Access Contents Information permission is now required on a zwiki folder for an anonymous user to view recentchanges, etc. I think the readme in zwiki_examples still needs an update here.