xwiki-users May 2010

xwiki-users@xwiki.org

64 participants
111 discussions

by Wilson Leão Neto

Hello there! I would like to know if it's possible to downgrade the XWiki. My friend is willing to uninstall and install an old version, but he wasn't able to find any old version to download. Any clues? Thank you, Wilson

14 years, 4 months

[xwiki-users] display childpages

by hel-o

Hi, i'm looking for a possibility to display links to childpages the child page snipet depends on the doctree plugin (is that available on myxwiki.org?) so is there a nother way? Thanks hel. ----- semantic-web.hel.at hel(a)hel.at -- View this message in context: http://xwiki.475771.n2.nabble.com/display-childpages-tp5013284p5013284.html Sent from the XWiki- Users mailing list archive at Nabble.com.

14 years, 4 months

[xwiki-users] colorThemeInit and updating theme problem

by Ben Stuggler

Hello, I would like to have a specific color theme for my users depending of the groups. So I modified the colorThemeInit.vm to check the user group and apply a specific theme. My problem is after logging, I have to refresh the page manually to see the new theme, even if I click on a link in the wiki. How can I force a refresh automatically after logging? Should I call the template colorThemeInit somewhere else ? Thanks Regards Ben -- View this message in context: http://xwiki.475771.n2.nabble.com/colorThemeInit-and-updating-theme-problem… Sent from the XWiki- Users mailing list archive at Nabble.com.

14 years, 4 months

[xwiki-users] missing programming rights

by sroemer＠public-files.de

Hi, I'm trying to program some groovy scrips which works fine when I use my local xwiki installation, but when I try this on my myxwiki account I cannot set the Programming rights, no matter which account I use Roemer or StephanRoemer. Greetings Stephan -- "Feel free" - 10 GB Mailbox, 100 FreeSMS/Monat ... Jetzt GMX TopMail testen: http://www.gmx.net/de/go/topmail

14 years, 4 months

[xwiki-users] PDF export - Footer/Header/View

by Wilson Leão Neto

Hello all! I'm working with XWiki and I'm a newbie... I've read the tutorial available on http://code.xwiki.org/xwiki/bin/view/Modules/RenderingModule and the customization part of the pdf export. I'm still clueless on how to do it properly... I have java experience, so I can code what is necessary, I just don't know where to go. All I want to do is change the default template. Changing the footer, header, TOC and breaking a page on every h1 found. I would be glad if someone could give me a hint. Thank you, Wilson

14 years, 4 months

[xwiki-users] [Security Advisory] SQL injection issue.

by Caleb James DeLisle

In the 2.3 timeframe, a serious security bug was fixed. Hibernate treats backslashes differently from some database management systems and as a result native SQL can be injected through the searchDocuments function. This means members of a wiki can finish an SQL query, also this means that badly written searchDocuments or search queries go from small security issues to larger ones. NOTE: Passwords are hashed (encrypted) so they cannot easily be read from the database. Who's at risk? Database systems which treat backslash as an escape character and allow stacked queries are susceptible to arbitrary SELECT, INSERT, UPDATE, DELETE, and DROP statements. These include: MS-SQL Postgres Database systems which treat backslash as an escape character but disallow stacked queries are susceptible only to arbitrary SELECT statements. These include: MySql Oracle Database systems which do not treat backslash as an escape character are not vulnerable these include: HSQLDB (default XWiki zip/exe installation) You can get a small groovy snippet to test your database and see if it supports stacked queries here: http://dev.xwiki.org/xwiki/bin/view/Drafts/SecuringXWiki#HMitigationMethods… What can be done: #1: XWiki-2.3 and XWiki-2.2.6 Are patched to convert \ to \\ in search queries so upgrading to them will negate the threat. You can download them here: http://www.xwiki.org/xwiki/bin/Main/Download #2: If you compile your own branch of XWiki and are unable to upgrade, you can integrate the patch which was used to fix the problem The patch is here: http://dev.xwiki.org/xwiki/bin/download/Drafts/SecuringXWiki/XWIKI%2D4755%2… Since the database controller has changed, you will likely have to port this patch to your version, what's important is that api.XWiki.searchDocuments and api.XWiki.search have their input filtered. #3: You can and should make sure to log unexpected SQL at the database level. XWiki doesn't usually use the backslash character and queries containing backslashes should be logged specially. Also it is a good idea to log (or block if possible) any SQL comment syntax. Hibernate does not support comments and comment syntax is central to almost all SQL injection. Caleb

14 years, 4 months

[xwiki-users] Hello! Newly Installed XWIKI

by sadid sahami

Hello! while I've been frustrated form installing mediawiki... I found XWIKI....The installation was easy and straight-forward then I encountered with an excellent tool for my job: I am not a administrating and I don't want Online wiki so much (at least for 1-2 year)... currently I just need a wiki for my personal use: 1) is XWIKI a good choice for someone like me? 2) I need LaTeX support is it available? 3) I'm a newbie ( I just know a little HTML...) is XWIKI a good alternative for my personal DMS? 4) I've installed my XWIKI on Fedora 11 in /home/user/.XWiki folder is it possible to reinstall it? 5) I can't access my xwiki via menu's shortcut I've to cd .XWiki and "sh start....sh" It works but I want a total solution 6) where do my pages store? excuxe me for this long list question Thanks!

14 years, 4 months

[xwiki-users] XEM - access issue to wiki instances

by Marine JULIAN

Hello, I installed XEM (version 2.3) from a distribution with Tomcat 6.0.26 and MySQL 5.1 on Windows XP. I followed the guide installation. After creating a new wiki instance, I tried to access it but unsuccessfully... I have some delay timeout expiration and wiki can't be displayed. I can only access to the main wiki. I don't know where to look for and what to do, do you have any suggestions ? When I imported the xem application xar, I had these error messages in Tomcat console : ERROR util.JDBCExceptionReporter - Incorrect string value: '\xC5\xABs va...' for column 'XWD_CONTENT' at row 1 ERROR .AbstractFlushingEventListener - Could not synchronize database state with session and after those, some like this one : ERROR packaging.Package - Failed to save document Sandbox.WebHome Do you think it's linked ? Marine

14 years, 4 months

[xwiki-users] Document Tree - visibility

by Ben Stuggler

Hi, I have a "security" problem in the document tree. People who doesn't have access to a specific space shouldn't even see his name in the tree results. I'm looking for the parameter which has to be modify to solve this problem but unfortunetely, it's very hard to find it. Can somebody help me? => there is a condition to had a link in the space name to see documents inside, I think it's here that I have to modify something but I can't find this code... Thanks Regards Ben -- View this message in context: http://xwiki.475771.n2.nabble.com/Document-Tree-visibility-tp4996738p499673… Sent from the XWiki- Users mailing list archive at Nabble.com.

14 years, 4 months

[xwiki-users] Damaged wiki-pages because of getURL returns incorect URL

by Colesnicov Eugen

I have a strange situation in my wiki. Some of elements at a standart wiki-pages are damaged. For example - Main.Spaces, all user profiles, Blogs.WebHome and many-many others (but not all). You can see how they are damaged on a attached images. http://n2.nabble.com/forum/FileDownload.jtp?type=n&id=4992332&name=UserProf… http://n2.nabble.com/forum/FileDownload.jtp?type=n&id=4992332&name=Spaces_d… This situation exists on fresh XWiki installations on all versions (I tried XWiki starting from 2.0), different servlets (I tried jetty & glassfish), different DB (I tried Oracle & HSQLDB & MySQL). I started to analyze situation. Interest, but when I use local server address (http://localhost:8080/xwiki) - all is ok, problem shows ONLY if I connecting through my internet domain name (http://mysite.com/xwiki). I started to compare html-generated code and found, that function getURL returns different strings! When I addresses through http://localhost:8080/xwiki getURL returns /xwiki/bin/view/ColorThemes/ with class="wikilink". But when I adresses through my site getURL returns http://mysite.com/xwiki/bin/view/Main/SpaceIndex?space=ColorThemes with class="wikiexternallink". If I put option {{html wiki="false"}} - these links are ok, but another portions of code (where using wiki-syntax inside of html) started to damaged. Ok - I can one-by-one for all pages put {{html wiki="false"}} and change wiki-syntax inside of html for a truly html ... I already did it successfully for a Main.Spaces. But pages with same problems quite enough ... Maybe exists another variant? How to say absolutely for a getURL function to returns internal link? Or maybe problem with my site config? Unfortunately, site-configuration is not under my control ... My Xwiki server placed inside internal local network domain, and exists "link" between my XWiki-Server and address on a external site (which is hosted on another server, another network). How this "link" is configured - I don't no. I only said for external-site administrators internal path (http://servername:8080/xwiki) - and they did link. If it is problem with external-site address config - I need to say something for administrators what need to change, because now all looks like that problem is with programming code of XWiki ... Thanks beforehand! Eugen -- View this message in context: http://xwiki.475771.n2.nabble.com/Damaged-wiki-pages-because-of-getURL-retu… Sent from the XWiki- Users mailing list archive at Nabble.com.

14 years, 4 months

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

xwiki-users May 2010