Skip to content
6b9dfbc
Compare
Choose a tag to compare

Hey there everyone! It's another release :D This is an unusual one in many respects - for one there hasn't been a beta release (the least time this happened for a major release was waaay back in v0.9 in 2015). There's a reason for that - in issue #222 someone has unethically reported a security issue with Pepperminty Wiki by not privately disclosing it, and instead publishing it publicly on the internet (exhibits a, b).

Of these 2, the one that involves the first-run action is not of concern, since it requires the site secret to pull off and even then that can only be executed once. If you're worried about that, you've got other issues - you could achieve the same effect simply uploading a static HTML file to your web server or changing multiple different settings in peppermint.json which by design take arbitrary HTML!

The other vulnerability uncovered a bunch of places in which potentially unsafe user input was sent to the user improperly encoded - potentially allowing someone to insert arbitrary HTML (and hence scripts) where they shouldn't. This release fixes that.

Despite this rushed release, there are a number of awesome additions in this release too:

  • 📄 Experimental support for transparent handling of [display text](./Page Name.md) style internal links (disabled by default: enable the parser_mangle_external_links setting and delete the ._cache directory to enable)
  • 🗺 XML sitemap support (manual setup required via an edit to your robots.txt)
  • 💡 Automatic system requirements indicator to first run (doesn't block you from proceeding, but helps you make sure you meet Pepperminty Wiki's system requirements)
  • 🪲 Many bugs squashed!
  • Fixed compatibility issues with PHP 8.0

So all in all this release should be a good incremental improvement over v0.22. If I spot any new show stoppers, I'll make a quick hotfix release to squash them.

Have you updated to this release? Click this link to say hi!

This release also has an experimental GPG and SHA256 hashes file attached. My GPG key is C2F7843F9ADF9FEE264ACB9CC1C6C0BB001E1725 - please open an issue if you encounter any issues 🙂

Updating

You can update to this release simply by grabbing an updated copy of index.php and replacing the version in your current wiki (don't forget to take backups! I make every effort to squash as many bugs as possible, but you can never be too certain). You can get an updated copy of index.php in a number of ways:

  • By downloading the index.php file attached to this release
  • Using the online downloader (always has the latest stable version)
  • Using the online downloader offline
  • Building your own from source

For more information on the last 2 methods, please see the documentation for more information.

For those who want to contribute financially as a thank you, I've recently setup a Liberapay to accept donations. It's certainly not required, but would definitely help me out :-) If you want to contribute but Liberapay isn't for you, please let me know (e.g. open an issue, see my website for more contact options)

Since v0.22

Added

  • Added HTTP API support for creating pages that don't yet have a name (#194)
    • This allows for having a "create new page" button in your navigation links - e.g. edit nav_links, nav_links_extra, or nav_links_bottom in your peppermint.json and add something like [ "+", "index.php?action=edit&unknownpagename=yes" ].
  • XML sitemap support with the new page-sitemap module (manual setup required for crawlers to notice it: see the documentation)
  • Experimental support for transparent handling of [display text](./Page Name.md) style internal links (disabled by default: enable the parser_mangle_external_links setting and delete the ._cache directory to enable)
  • Added automatic system requirements indicator to first run (checks for various PHP extensions required for various different functions) - does not block you from proceeding, but does assist in first-time system configuration

Changed

  • Updated the configuration guide to include count of how many settings we have
  • Also send a x-robots-tag: noindex, nofollow HTTP header for the login page (Semrush Bot, you better obey this one)
  • Support page as either a GET parameter or a POST parameter (GET takes precedence over POST)
  • Preview generation: If php-imagick is not installed but required for a particular operation, return a proper error message
  • File upload: If fileinfo is not installed, return a proper error message when someone attempts to upload a file
  • Add image/avif (AVIF image), image/jxl (JPEG XL image), and image/heif/image/heic to upload_allowed_file_types (you'll need to delete your entry in peppermint.json to get the new updated list)
    • Also added these and flac (which was already allowed as an upload by default) to the data size calculator on ?action=help&dev=yes

Fixed

  • [security] Fixed some potential XSS attacks in the page editor
  • [security] Fix stored XSS attack in the wiki name via the first run wizard CVE-2021-38600; low severity since it requires the site secret to do the initial setup & said initial setup can only be performed once
  • [security] Fix reflected XSS attacks (arbitrary code execution in the user's browser) via the many different GET parameters in many different modules
  • [security] Automatically run page titles through htmlentities()
  • Fixed a weird bug in the stats-update action causing warnings
  • search: Properly apply weightings of matches in page titles and tags
  • Improved error handling on first run where the PHP Zip extension is not installed
  • Also extract to ._extra_data if the directory is empty
  • Add sidebar_show to the settings GUI and the configuration guide
  • Fix crash when using the search bar with PHP 8.0+
  • Prefix the default value of the logo_url setting with https:
  • Fix display of subpages in the sidebar, and also wrap subpage lists in a <details /> element to allow collapsing them
  • Fix file upload error handling logic - a proper error page is now sent to the client
  • Create theme gallery help section instead of overwriting the one entitled "Jumping to a random page".
  • Fix broken character in recent changes log entry when moving pages
3f93237
Compare
Choose a tag to compare

After a record-breaking number of beta releases, it's finally that time again: another new stable release!

Check out the major new features:

  • 📖 Reading time estimations (on by default, toggle with the readingtime_enabled setting)
  • Similar page suggestions at the bottom of the page, powered by the search index (on by default, toggle with the similarpages_enabled / similarpages_count settings)
  • 📝 New syntax features: checkboxes, highlighted text, spoiler text, super/subscript, automatic table of contents - check the inbuilt help page for details
  • 📑 Uploaded PDFs can now be embedded into pages (older wikis make sure that application/pdf is present in the upload_allowed_file_types setting)
  • 🍪 Improved cookie security: PHP 7.3+ recommended

Some notes for admins:

  • Make sure you have PHP 7.3+ when you update past this point!
  • Owners of existing wikis need to ensure that the upload_allowed_file_types setting in peppermint.json contains application/pdf
  • New policy: Only officially supported versions of PHP are officially supported by Pepperminty Wiki.
    • If you encounter issues using an unsupported version of PHP, please update before opening an issue.

Special thanks to @virtadpt and @SeanFromIT for reporting bugs in this beta release cycle.

Have you updated to this release? Click this link to say hi!

This release also has an experimental GPG and SHA256 hashes file attached. My GPG key is C2F7843F9ADF9FEE264ACB9CC1C6C0BB001E1725 - please open an issue if you encounter any issues 🙂

Updating

You can update to this release simply by grabbing an updated copy of index.php and replacing the version in your current wiki (don't forget to take backups! I make every effort to squash as many bugs as possible, but you can never be too certain). You can get an updated copy of index.php in a number of ways:

  • By downloading the index.php file attached to this release
  • Using the online downloader (always has the latest stable version)
  • Using the online downloader offline
  • Building your own from source

For more information on the last 2 methods, please see the documentation for more information.

For those who want to contribute financially as a thank you, I've recently setup a Liberapay to accept donations. It's certainly not required, but would definitely help me out :-) If you want to contribute but Liberapay isn't for you, please let me know (e.g. open an issue, see my website for more contact options)

Since VERSION_NUMBER_HERE

FULL_CHANGELOG_HERE

Since v0.22-beta3

No changes were made since the last beta release

Since v0.22-beta2

Changed

  • Don't emit custom CSS unless there's something to emit

Fixed

  • Fixed inbody:searchterm advanced query syntax
  • Fixed inaccessible colours in the page list when using the dark theme
  • Fixed invalid HTML generated by new hide_email implementation

Since v0.22-beta1

Added

  • Added dark theme via prefers-color-scheme to configuration guide (see the stable channel guide here - will only be updated when v0.22 is released)
  • Added link thingy you can click next to each setting to jump right to it
  • [docs] Documented the structure of pageindex.json and recentchanges.json

Fixed

  • Obfuscate the admin email address at the bottom of every page - we missed it in v0.22-beta1 (but got every other one though :P) (#205)
  • Bugfix: Don't use ->text() for recursion when parsing markdown - it resets ->DefinitionData, which breaks footnotes (#209)
  • Fix name of did you mean index: didyoumeaninddex.sqlitedidyoumeanindex.sqlite (feature is disabled by default; manual renaming required)

Changed

  • Disable parser cache by default to avoid issues because said cache isn't invalidated when it should be (and doing so would take more of a performance hit than leaving it on)

Since v0.21.1-hotfix1

Make sure you have PHP 7.3+ when you update past this point! It isn't the end of the world if you don't, but it will make you more secure if you do.

Added

  • [Module Api] Add new search::invindex_term_getpageids, and search::invindex_term_getoffsets, and search::index_sort_freq methods
  • [Module Api] Add new ends_with and filepath_to_pagename core functions
  • Added new syntax features to PeppermintParsedown, inspired by ParsedownExtreme (which we couldn't get to work, and it wasn't working before as far as I can tell)
    • Checkboxes: [ ] and [x] after a bullet point or at the start of a line
    • Marked / highlighted text: Some text ==marked text== more text
    • Spoiler text: Some text >!spoiler!< more text or Some text ||spoiler|| more text
    • Superscript: Some text^superscript^ more text
    • Subscript: Some text~subscript~ more text
  • Added automatic table of contents! (#155)
    • Put [__TOC__] on a line by itself to insert an automatic table of contents
    • Note that the level of heading generated can be controlled (or even removed) by the new parser_toc_heading_level setting
  • Add <meta name="theme-color" content="value" /> support with the new theme_colour setting. More information: MDN, caniuse. Also used by some platforms to customise embed accents when generating a rich snippet (e.g. Discord).
  • Added reading time estimate to the top of wiki pages - control it with the new readingtime_enabled setting (#172)
    • The algorithm used to estimate reading times is the as the one used in Firefox's reader mode
  • Added similar page suggestions between the bottom of the page content and the comments - control it with the new similarpages_enabled and similarpages_count settings.
  • Added absolute redirect support - use it like this: # REDIRECT [display text](INSERT_REDIRECT_URL_HERE)
    • It's disabled by default due to potential security issues with untrusted editors - enable it with the new redirect_absolute_enable setting (default: false)
  • Added new settings to control various features more precisely
    • comment_enabled controls whether anyone is allowed to comment at all or not
    • comment_hide_all determines whether the commenting system displays anything at all (if disabled, it's (almost) like the feature-comments doesn't exist - consider using the downloader to exclude the commenting system instead of enabling this setting)
    • avatars_gravatar_enabled determines whether redirects to gravatar.com should be performed if a user hasn't yet uploaded an avatar (if disabled then a blank image is returned instead of a redirect).
  • PDF previews now show the browser's UI when embedded in pages with the ![alt text](File/somefile.png) syntax
  • [Rest API] Add new typeheader GET parameter to raw action (ref Firefox bug 1319262)

Changed

  • New policy: Only officially supported versions of PHP are officially supported by Pepperminty Wiki.
  • Fiddled with Parsedown & ParsedownExtra versions
  • Removed ParsedownExtreme, as it wasn't doing anything useful anyway
    • Don't worry, we've absorbed all the useful features (see above)
    • NOTE TO SELF: Don't forget to update wikimatrix.org when we next make a stable release! (if you are reading this in the release notes for a stable release, please get in touch)
  • Enabled horizontal resize handle on sidebar (but it doesn't persist yet)
  • [security] SameSite=Strict is now set on all cookies in PHP 7.3+
  • [security] The Secure cookie flag is now automatically added when clients use HTTPS to prevent downgrade-based session stealing attacks (control this with the new cookie_secure setting)
  • Standardised prefixes to (most) error_log() calls to aid clarity in multi-wiki environments
  • Improved pageindex rebuilder algorithm to search for and import history revisions - this helps when converting data from another wiki format
  • Improved spam protection when hiding email addresses. Javascript is now required to decode email addresses - please get in touch if this is a problem for whatever reason. I take accessibility very seriously.
  • Bump weighting of title and tag matches in search results (delete the search_title_matches_weighting and search_tags_matches_weighting settings to get the new weightings)

Fixed

  • Squashed a warning when using the fenced code block syntax
  • If a redirect page sends you to create a page that doesn't exist, a link back to the redirect page itself is now displayed
  • Really fix bots getting into infinite loops on the login page this time by marking all login pages as noindex, nofollow with a robots <meta /> tag
  • Navigating to a redirect page from a page list or the recent changes list will no longer cause you to automatically follow the redirect
  • Limited sidebar size to 20% of the screen width at most
  • Fix the large blank space problem in all themes
  • Squashed the text \A appearing before tags at the bottom of pages for some users (ref)
  • Fixed an issue causing uploaded avatars not to render
  • Fixed an obscure bug in the search engine when excluding terms that appear both in a page's title and body
  • Squashed a warning at the top of search results (more insight is needed though to squash the inconsistencies in the search index that creep in though)
  • Removed annoying scrollbars when editing long pages
  • Fixed an obscure warning when previewing PDFs (#202)
  • Ensure that the parent page exists when moving a page to be a child of a non-existent parent (#201)
  • Fixed templating (#203)
  • Fixed warning from statistics engine during firstrun wizard
7fe8f1a
Compare
Choose a tag to compare

v0.22-beta3

Pre-release
Pre-release

Another beta release! I should have released this earlier, but I've been really busy with my PhD recently. Anyway, despite the larger-than-usual number of changes in this release, I'm pretty confident that we've got all the showstoppers squashed in this one. If all goes well, I'll be releasing the stable version of v0.22 in 1 week's time (to give everyone time to test this release).

This beta release also marks a new record for the most number of beta releases before a stable release!

Have you updated to this release? Click this link to say hi!

This release also has an experimental GPG and SHA256 hashes file attached. My GPG key is C2F7843F9ADF9FEE264ACB9CC1C6C0BB001E1725 - please open an issue if you encounter any issues 🙂

Updating

You can update to this release simply by grabbing an updated copy of index.php and replacing the version in your current wiki (don't forget to take backups! I make every effort to squash as many bugs as possible, but you can never be too certain). You can get an updated copy of index.php in a number of ways:

  • By downloading the index.php file attached to this release
  • Using the online downloader (always has the latest stable version)
  • Using the online downloader offline
  • Building your own from source

For more information on the last 2 methods, please see the documentation for more information.

For those who want to contribute financially as a thank you, I've recently setup a Liberapay to accept donations. It's certainly not required, but would definitely help me out :-) If you want to contribute but Liberapay isn't for you, please let me know (e.g. open an issue, see my website for more contact options)

Since v0.22-beta2

Changed

  • Don't emit custom CSS unless there's something to emit

Fixed

  • Fixed inbody:searchterm advanced query syntax
  • Fixed inaccessible colours in the page list when using the dark theme
  • Fixed invalid HTML generated by new hide_email implementation
fe690c3
Compare
Choose a tag to compare

v0.22-beta2

Pre-release
Pre-release

This is the 2nd beta release for v0.22! Thanks to @SeanFromIT and @viradpt for the bug reports (#205, #209, and more over Gitter)

Have you updated to this release? Click this link to say hi!

This release also has an experimental GPG and SHA256 hashes file attached. My GPG key is C2F7843F9ADF9FEE264ACB9CC1C6C0BB001E1725 - please open an issue if you encounter any issues 🙂

Updating

You can update to this release simply by grabbing an updated copy of index.php and replacing the version in your current wiki (don't forget to take backups! I make every effort to squash as many bugs as possible, but you can never be too certain). You can get an updated copy of index.php in a number of ways:

  • By downloading the index.php file attached to this release
  • Using the online downloader (always has the latest stable version)
  • Using the online downloader offline
  • Building your own from source

For more information on the last 2 methods, please see the documentation for more information.

For those who want to contribute financially as a thank you, I've recently setup a Liberapay to accept donations. It's certainly not required, but would definitely help me out :-) If you want to contribute but Liberapay isn't for you, please let me know (e.g. open an issue, over Gitter, see my website for more contact options)

Since v0.22-beta1

Added

  • Added dark theme via prefers-color-scheme to configuration guide (see the stable channel guide here - will only be updated when v0.22 is released)
  • Added link thingy you can click next to each setting to jump right to it
  • [docs] Documented the structure of pageindex.json and recentchanges.json

Fixed

  • Obfuscate the admin email address at the bottom of every page - we missed it in v0.22-beta1 (but got every other one though :P) (#205)
  • Bugfix: Don't use ->text() for recursion when parsing markdown - it resets ->DefinitionData, which breaks footnotes (#209)
  • Fix name of did you mean index: didyoumeaninddex.sqlitedidyoumeanindex.sqlite (feature is disabled by default; manual renaming required)

Changed

  • Disable parser cache by default to avoid issues because said cache isn't invalidated when it should be (and doing so would take more of a performance hit than leaving it on)

Since v0.21.1-hotfix1

Make sure you have PHP 7.3+ when you update past this point! It isn't the end of the world if you don't, but it will make you more secure if you do.

Added

  • [Module Api] Add new search::invindex_term_getpageids, and search::invindex_term_getoffsets, and search::index_sort_freq methods
  • [Module Api] Add new ends_with and filepath_to_pagename core functions
  • Added new syntax features to PeppermintParsedown, inspired by ParsedownExtreme (which we couldn't get to work, and it wasn't working before as far as I can tell)
    • Checkboxes: [ ] and [x] after a bullet point or at the start of a line
    • Marked / highlighted text: Some text ==marked text== more text
    • Spoiler text: Some text >!spoiler!< more text or Some text ||spoiler|| more text
    • Superscript: Some text^superscript^ more text
    • Subscript: Some text~subscript~ more text
  • Added automatic table of contents! (#155)
    • Put [__TOC__] on a line by itself to insert an automatic table of contents
    • Note that the level of heading generated can be controlled (or even removed) by the new parser_toc_heading_level setting
  • Add <meta name="theme-color" content="value" /> support with the new theme_colour setting. More information: MDN, caniuse. Also used by some platforms to customise embed accents when generating a rich snippet (e.g. Discord).
  • Added reading time estimate to the top of wiki pages - control it with the new readingtime_enabled setting (#172)
    • The algorithm used to estimate reading times is the as the one used in Firefox's reader mode
  • Added similar page suggestions between the bottom of the page content and the comments - control it with the new similarpages_enabled and similarpages_count settings.
  • Added absolute redirect support - use it like this: # REDIRECT [display text](INSERT_REDIRECT_URL_HERE)
    • It's disabled by default due to potential security issues with untrusted editors - enable it with the new redirect_absolute_enable setting (default: false)
  • Added new settings to control various features more precisely
    • comment_enabled controls whether anyone is allowed to comment at all or not
    • comment_hide_all determines whether the commenting system displays anything at all (if disabled, it's (almost) like the feature-comments doesn't exist - consider using the downloader to exclude the commenting system instead of enabling this setting)
    • avatars_gravatar_enabled determines whether redirects to gravatar.com should be performed if a user hasn't yet uploaded an avatar (if disabled then a blank image is returned instead of a redirect).
  • PDF previews now show the browser's UI when embedded in pages with the ![alt text](File/somefile.png) syntax
  • [Rest API] Add new typeheader GET parameter to raw action (ref Firefox bug 1319262)

Changed

  • New policy: Only officially supported versions of PHP are officially supported by Pepperminty Wiki.
  • Fiddled with Parsedown & ParsedownExtra versions
  • Removed ParsedownExtreme, as it wasn't doing anything useful anyway
    • Don't worry, we've absorbed all the useful features (see above)
    • NOTE TO SELF: Don't forget to update wikimatrix.org when we next make a stable release! (if you are reading this in the release notes for a stable release, please get in touch)
  • Enabled horizontal resize handle on sidebar (but it doesn't persist yet)
  • [security] SameSite=Strict is now set on all cookies in PHP 7.3+
  • [security] The Secure cookie flag is now automatically added when clients use HTTPS to prevent downgrade-based session stealing attacks (control this with the new cookie_secure setting)
  • Standardised prefixes to (most) error_log() calls to aid clarity in multi-wiki environments
  • Improved pageindex rebuilder algorithm to search for and import history revisions - this helps when converting data from another wiki format
  • Improved spam protection when hiding email addresses. Javascript is now required to decode email addresses - please get in touch if this is a problem for whatever reason. I take accessibility very seriously.
  • Bump weighting of title and tag matches in search results (delete the search_title_matches_weighting and search_tags_matches_weighting settings to get the new weightings)

Fixed

  • Squashed a warning when using the fenced code block syntax
  • If a redirect page sends you to create a page that doesn't exist, a link back to the redirect page itself is now displayed
  • Really fix bots getting into infinite loops on the login page this time by marking all login pages as noindex, nofollow with a robots <meta /> tag
  • Navigating to a redirect page from a page list or the recent changes list will no longer cause you to automatically follow the redirect
  • Limited sidebar size to 20% of the screen width at most
  • Fix the large blank space problem in all themes
  • Squashed the text \A appearing before tags at the bottom of pages for some users (ref)
  • Fixed an issue causing uploaded avatars not to render
  • Fixed an obscure bug in the search engine when excluding terms that appear both in a page's title and body
  • Squashed a warning at the top of search results (more insight is needed though to squash the inconsistencies in the search index that creep in though)
  • Removed annoying scrollbars when editing long pages
  • Fixed an obscure warning when previewing PDFs (#202)
  • Ensure that the parent page exists when moving a page to be a child of a non-existent parent (#201)
  • Fixed templating (#203)
  • Fixed warning from statistics engine during firstrun wizard
8a05d79
Compare
Choose a tag to compare

v0.22-beta1

Pre-release
Pre-release

Hello and welcome to another beta release of Pepperminty Wiki! Check out the major new features:

  • 📖 Reading time estimations (on by default, toggle with the readingtime_enabled setting)
  • Similar page suggestions at the bottom of the page, powered by the search index (on by default, toggle with the similarpages_enabled / similarpages_count settings)
  • 📝 New syntax features: checkboxes, highlighted text, spoiler text, super/subscript, automatic table of contents - check the inbuilt help page for details
  • 📑 Uploaded PDFs can now be embedded into pages (older wikis make sure that application/pdf is present in the upload_allowed_file_types setting)
  • 🍪 Improved cookie security: PHP 7.3+ recommended

.....and lots of other bugfixes and new features! Check the full changelog at the bottom of these release notes for the full details.

Regarding the reading time and similar page suggestions, I'm still a little unsure about it. What to you think? Please fill out this strawpoll by Tuesday 11th August 2020 12pm GMT (after which I'll be looking to make final adjustments before making another beta release / the stable release) - it would be really helpful!

Notes for admins

Like the last stable release, there are a few things that admins should be aware of:

  • If you're updating from before v0.21.1-hotfix1, please change your wiki secret. This is really important, as v0.21.1-hotfix1 fixes a critical security issue.
  • I have a new policy: Only officially supported versions of PHP will be supported by Pepperminty Wiki. This just ensures that I have a clear line that I can draw on the subject.
  • Speaking of PHP versions, PHP 7.3+ is highly recommended going forwards. SameSite=Strict is now set on all cookies to comply with the new cookie handling being introduced into browsers, but only in PHP 7.3+.
  • Some users have reported issues with the search engine after updating to this release. Rebuilding the search index may be required (use the CLI with php index.php exec search rebuild, or navigate to the master settings and hit the rebuild button)
  • Set the new theme_colour setting to enable extra coolness in some browsers and when generating embeds in places like Discord 🙂

Have you updated to this release? Click this link to say hi!

This release also has an experimental GPG and SHA256 hashes file attached. My GPG key is C2F7843F9ADF9FEE264ACB9CC1C6C0BB001E1725 - please open an issue if you encounter any issues 🙂

Updating

You can update to this release simply by grabbing an updated copy of index.php and replacing the version in your current wiki (don't forget to take backups! I make every effort to squash as many bugs as possible, but you can never be too certain). You can get an updated copy of index.php in a number of ways:

  • By downloading the index.php file attached to this release
  • Using the online downloader offline
  • Building your own from source

For more information on the last 2 methods, please see the documentation for more information.

Since v0.21.1-hotfix1

Make sure you have PHP 7.3+ when you update past this point! It isn't the end of the world if you don't, but it will make you more secure if you do.

Added

  • [Module Api] Add new search::invindex_term_getpageids, and search::invindex_term_getoffsets, and search::index_sort_freq methods
  • [Module Api] Add new ends_with and filepath_to_pagename core functions
  • Added new syntax features to PeppermintParsedown, inspired by ParsedownExtreme (which we couldn't get to work, and it wasn't working before as far as I can tell)
    • Checkboxes: [ ] and [x] after a bullet point or at the start of a line
    • Marked / highlighted text: Some text ==marked text== more text
    • Spoiler text: Some text >!spoiler!< more text or Some text ||spoiler|| more text
    • Superscript: Some text^superscript^ more text
    • Subscript: Some text~subscript~ more text
  • Added automatic table of contents! (#155)
    • Put [__TOC__] on a line by itself to insert an automatic table of contents
    • Note that the level of heading generated can be controlled (or even removed) by the new parser_toc_heading_level setting
  • Add <meta name="theme-color" content="value" /> support with the new theme_colour setting. More information: MDN, caniuse. Also used by some platforms to customise embed accents when generating a rich snippet (e.g. Discord).
  • Added reading time estimate to the top of wiki pages - control it with the new readingtime_enabled setting (#172)
    • The algorithm used to estimate reading times is the as the one used in Firefox's reader mode
  • Added similar page suggestions between the bottom of the page content and the comments - control it with the new similarpages_enabled and similarpages_count settings.
  • Added absolute redirect support - use it like this: # REDIRECT [display text](INSERT_REDIRECT_URL_HERE)
    • It's disabled by default due to potential security issues with untrusted editors - enable it with the new redirect_absolute_enable setting (default: false)
  • Added new settings to control various features more precisely
    • comment_enabled controls whether anyone is allowed to comment at all or not
    • comment_hide_all determines whether the commenting system displays anything at all (if disabled, it's (almost) like the feature-comments doesn't exist - consider using the downloader to exclude the commenting system instead of enabling this setting)
    • avatars_gravatar_enabled determines whether redirects to gravatar.com should be performed if a user hasn't yet uploaded an avatar (if disabled then a blank image is returned instead of a redirect).
  • PDF previews now show the browser's UI when embedded in pages with the ![alt text](File/somefile.png) syntax
  • [Rest API] Add new typeheader GET parameter to raw action (ref Firefox bug 1319262)

Changed

  • New policy: Only officially supported versions of PHP are officially supported by Pepperminty Wiki.
  • Fiddled with Parsedown & ParsedownExtra versions
  • Removed ParsedownExtreme, as it wasn't doing anything useful anyway
    • Don't worry, we've absorbed all the useful features (see above)
    • NOTE TO SELF: Don't forget to update wikimatrix.org when we next make a stable release! (if you are reading this in the release notes for a stable release, please get in touch)
  • Enabled horizontal resize handle on sidebar (but it doesn't persist yet)
  • [security] SameSite=Strict is now set on all cookies in PHP 7.3+
  • [security] The Secure cookie flag is now automatically added when clients use HTTPS to prevent downgrade-based session stealing attacks (control this with the new cookie_secure setting)
  • Standardised prefixes to (most) error_log() calls to aid clarity in multi-wiki environments
  • Improved pageindex rebuilder algorithm to search for and import history revisions - this helps when converting data from another wiki format
  • Improved spam protection when hiding email addresses. Javascript is now required to decode email addresses - please get in touch if this is a problem for whatever reason. I take accessibility very seriously.
  • Bump weighting of title and tag matches in search results (delete the search_title_matches_weighting and search_tags_matches_weighting settings to get the new weightings)

Fixed

  • Squashed a warning when using the fenced code block syntax
  • If a redirect page sends you to create a page that doesn't exist, a link back to the redirect page itself is now displayed
  • Really fix bots getting into infinite loops on the login page this time by marking all login pages as noindex, nofollow with a robots <meta /> tag
  • Navigating to a redirect page from a page list or the recent changes list will no longer cause you to automatically follow the redirect
  • Limited sidebar size to 20% of the screen width at most
  • Fix the large blank space problem in all themes
  • Squashed the text \A appearing before tags at the bottom of pages for some users (ref)
  • Fixed an issue causing uploaded avatars not to render
  • Fixed an obscure bug in the search engine when excluding terms that appear both in a page's title and body
  • Squashed a warning at the top of search results (more insight is needed though to squash the inconsistencies in the search index that creep in though)
  • Removed annoying scrollbars when editing long pages
  • Fixed an obscure warning when previewing PDFs (#202)
  • Ensure that the parent page exists when moving a page to be a child of a non-existent parent (#201)
  • Fixed templating (#203)
  • Fixed warning from statistics engine during firstrun wizard
d125005
Compare
Choose a tag to compare

Oh, my! I think this is the fastest I've ever gotten a hotfix out. I've found a serious security issue in Pepperminty Wiki which must be fixed right away! Please update to this release as soon as possible.

Please also edit the value of the secret property in peppermint.json, as it may have been compromised.

Edit: On the subject of security, this is now the first release that has experimental SHA256 hashes that are signed with GPG. Future releases will always be signed in the same way. My GPG key id is C2F7843F9ADF9FEE264ACB9CC1C6C0BB001E1725 (let me know if you encounter any issues.

Note that this is a maintenance release that backports some urgent bugfixes to v0.21. Current development efforts are focused on v0.22. The work-in-progress changelog for v0.22 can be found here.

Have you updated to this release? Click this link to say hi!

Updating

You can update to this release simply by grabbing an updated copy of index.php and replacing the version in your current wiki (don't forget to take backups! I make every effort to squash as many bugs as possible, but you can never be too certain). You can get an updated copy of index.php in a number of ways:

  • By downloading the index.php file attached to this release
  • Using the online downloader (always has the latest stable version)
  • Using the online downloader offline
  • Building your own from source

For more information on the last 2 methods, please see the documentation for more information.

Since v0.21

  • [security] Fix security issue in the debug action
ff46c13
Compare
Choose a tag to compare

Welcome, one and all! It's time for Pepperminty Wiki v0.21! 🎉🎉🎉 In ~5 months and 24 days, 138 commits and 3 hotfixes(!) have been made to bring you v0.21 - with lots of new features to check out. This is another huge release. Check out the feature summary:

  • 🔭 Watchlists: Get an email when a page is updated (assuming you have email setup in your PHP installation)
  • 📱 Improved mobile support: There's still a ways to go, but it's much better than it was. Open an issue if you've got any suggestions for improvement, no matter how small
  • 🎷 Autocomplete tags: Tags now autocomplete when editing pages
  • 🐚 A command-line interface: Pepperminty Wiki now has a command-line interface, where you can do things like update the search index. Check out the docs for more info
  • 🎥 Added markdown support to media captions: Fancy media captions are now at your fingertips! Just add markdown to the alt portion of the image tag (#184)

Lots of other gems can be found in the full changelog below, so take a look :D

Also, Pepperminty Wiki now has a website! I built it with Eleventy.

A few things to note for admins:

  • The CLI will never be required to do things. Its goal is to provide an alternative interface (particularly for larger wikis and those who want to automate stuff via shell scripting).
  • A working PHP email setup is required for the watchlist to work
  • A new button has been added to the nav_links_extra mega menu. You'll need to delete the nav_links_extra entry from your peppermint.json in order for this to show up.
  • Search index performance has been improved. Again :D This requires regenerating the search index after updating.
  • Email address verification: Enabled by default. Users will now need to verify their email addresses. An easy fix is to edit your profile re-enter your email address to receive the verification email

Wow, that's a lot! The full changelog can be found below as usual. Before I end this message though, I just want to ask:

Please help test this release.

I mean it. This release comes with a number of huge fundamental changes (large and small), some of which are incremental in a series across the last few releases. Particularly of note is the command-line interface - that required massive backend changes.

Help would be really appreciated to find issues before the big main stable release in about a week's time (unless issues are found). While hotfixes are fun, I'd prefer to keep them to a minimum :P

Even if you just want to share an "implementation report" (a short summary of your experience upgrading), I'd really appreciate the feedback :-)

--Starbeamrainbowlabs


Have you updated to this release? Click this link to say hi!

Updating

You can update to this release simply by grabbing an updated copy of index.php and replacing the version in your current wiki (don't forget to take backups! I make every effort to squash as many bugs as possible, but you can never be too certain). You can get an updated copy of index.php in a number of ways:

  • By downloading the index.php file attached to this release
  • Using the online downloader (always has the latest stable version)
  • Using the online downloader offline
  • Building your own from source

For more information on the last 2 methods, please see the documentation for more information.

Since v0.21-beta1

Fixed

  • Make PEPPERMINT_THEME environment variable work again when compiling on the command line
  • Fixed invalid HTML that was causing layout issues on the master settings page

Since v0.20.4-hotfix4

Added

  • Watchlists! A new addition has been added to the more menu to add the current page to your personal watchlist
    • An email will be sent to all users watching a page when an edit is saved to it (uses the PHP mail() function internally, via the email_user() internal Pepperminty Wiki utility function)
  • Email address verification
    • Enabled by default. In order to receive emails users now need to verify their email address
    • This is done via a verification email that's sent when you change your email address (even if your email address is the same when you change your preferences and you haven't yet verified it)
    • A new email_verify_addresses setting has been added to control the functionality
  • Added dark theme to the downloader (will be updated at the next stable release)
  • Added initial mobile theme support to the default theme
    • There's still a bunch of work to do in this department, but it's a bit of a challenge to do so without breaking desktop support
  • Added autocomplete for tags when editing pages, powered by Awesomplete
    • The new editing_tags_autocomplete setting - enabled by default - toggles it, but why would you want to turn it off? :P
    • It should be reasonably accessible, judging from all the aria tags I'm seeing
    • Get in touch if you experience performance issues with fetching tag lists from your wiki
  • A command-line interface!
    • Wiki administrators with terminal/console access can now make use of a brand-new CLI by executing php ./index.php (warning: strange things will happen if the current working directory is not the directory that contains index.php and peppermint.json)
  • Added new anoncomments setting to control whether anonymous users are allowed to make comments (disabled by default) - thanks to @SeanFromIT for suggesting it in #181
  • Added markdown support for media captions (#184)
  • Finally: Experimental didyoumean support. Ever made a typo in a search query? The new didyoumean engine can correct query terms that are up to 2 characters out!
    • It's disabled by default (check out the new search_didyoumean_enabled setting), as it enabling it comes with a significant performance impact when typos are corrected (~0.8s-ish / typo is currently observed)
    • Uses the words in the search index as a base for corrections (so if you have a typo on a page, then it will correct it to the typo)
    • The index does not currently update when you edit a page - this feature is still very experimental (please report any issues)
    • A typo is a search query term that is both not a stop word and not found in the search index

Fixed

  • Fixed weighted word support on search query analysis debug page

  • Added missing apostrophes to stop words in search system. Regenerating your search index will now yield a slightly smaller index

  • Fixed link loop when logging in for crawlers

  • [security] Bugfix: Don't leak the PHP version in emails when expose_php is turned off

  • Fixed handling of Unicode characters when emailing users - added new email_subject_utf8 and email_body_utf8 settings to control the new behaviour

  • Add new email_debug_dontsend setting for debugging emails sent by Pepperminty Wiki

  • Fixed pressing alt + enter to open a search in a new tab - it should no longer fail and briefly prompt to allow pop-ups

  • Squashed a bug in the new upgraded get/set_array_simple search optimisation

  • Updated Parsedown to squash warning in PHP 7.4+

  • Trailing commas in the tags box will no longer result in empty tags being added to pages.

  • Minor UI fixes

    • Multiple tags in search results and on page lists now have a margin between them
  • Newline characters (\r and \n) are now replaced with spaces in internal links (#186, thanks @SeanFromIT!)

  • Inbuilt help documentation corrections (#185, thanks @SeanFromIT!)

  • Fixed a warning message when a file fails to upload (thanks for the test file, @SeanFromIT)

  • Really fix the dot problem from v0.20.3-hotfix3 that @SeanFromIT reported

  • Make PEPPERMINT_THEME environment variable work again when compiling on the command line

  • Fixed invalid HTML that was causing layout issues on the master settings page

Changed

  • Improved the search indexing system performance - again
    • Another search index rebuild is required
  • Optimisation: Don't generate the list of pages for the datalist if it isn't going to be displayed (especially noticeable on wikis with lots of pages)
  • Optimisation: Don't load the statistics index if it's not needed (also esp. noticeable on wikis with lots of pages)
  • Optimisation: Refactor stas_split() to be faster (informal testing shows ~18% faster → 4% total time)
  • [Module Api] Optimisation: Remove search::transliterate because it has a huge overhead. Use search::$literator->transliterate() instead.
  • [Module Api] Add new absolute and html optional boolean arguments to render_timestamp()
  • [Module Api] search::extract_context() and search::highlight_context() now take in a parsed query (with search::stas_parse()), not a raw string

Known bugs

  • Wow, a new section! Haven't seen one of these before. Hopefully we don't see it too often.....
  • The didyoumean search query typo correction engine does not currently update it's index when you save an edit to a page (the typo correction engine is still under development).
e252bad
Compare
Choose a tag to compare

v0.21-beta1

Pre-release
Pre-release

Welcome, one and all! It's time for the very first beta release of Pepperminty Wiki v0.21! 🎉🎉🎉 In ~5 months and 14 days, 132 commits and 3 hotfixes(!) have been made to bring you v0.21 - with lots of new features to check out. This is another huge release. Check out the feature summary:

  • 🔭 Watchlists: Get an email when a page is updated (assuming you have email setup in your PHP installation)
  • 📱 Improved mobile support: There's still a ways to go, but it's much better than it was. Open an issue if you've got any suggestions for improvement, no matter how small
  • 🎷 Autocomplete tags: Tags now autocomplete when editing pages
  • 🐚 A command-line interface: Pepperminty Wiki now has a command-line interface, where you can do things like update the search index. Check out the docs for more info
  • 🎥 Added markdown support to media captions: Fancy media captions are now at your fingertips! Just add markdown to the alt portion of the image tag (#184)

Lots of other gems can be found in the full changelog below, so take a look :D

A few things to note for admins:

  • The CLI will never be required to do things. Its goal is to provide an alternative interface (particularly for larger wikis and those who want to automate stuff via shell scripting).
  • A working PHP email setup is required for the watchlist to work
  • A new button has been added to the nav_links_extra mega menu. You'll need to delete the nav_links_extra entry from your peppermint.json in order for this to show up.
  • Search index performance has been improved. Again :D This requires regenerating the search index after updating.
  • Email address verification: Enabled by default. Users will now need to verify their email addresses. An easy fix is to edit your profile re-enter your email address to receive the verification email

Wow, that's a lot! The full changelog can be found below as usual. Before I end this message though, I just want to ask:

Please help test this release.

I mean it. This release comes with a number of huge fundamental changes (large and small), some of which are incremental in a series across the last few releases. Particularly of note is the command-line interface - that required massive backend changes.

Help would be really appreciated to find issues before the big main stable release in about a week's time (unless issues are found). While hotfixes are fun, I'd prefer to keep them to a minimum :P

Even if you just want to share an "implementation report" (a short summary of your experience upgrading), I'd really appreciate the feedback :-)

--Starbeamrainbowlabs


Have you updated to this release? Click this link to say hi!

Updating

You can update to this release simply by grabbing an updated copy of index.php and replacing the version in your current wiki (don't forget to take backups! I make every effort to squash as many bugs as possible, but you can never be too certain). You can get an updated copy of index.php in a number of ways:

  • By downloading the index.php file attached to this release
  • Using the online downloader (always has the latest stable version)
  • Using the online downloader offline
  • Building your own from source

For more information on the last 2 methods, please see the documentation for more information.

Since v0.20.4-hotfix4

Added

  • Watchlists! A new addition has been added to the more menu to add the current page to your personal watchlist
    • An email will be sent to all users watching a page when an edit is saved to it (uses the PHP mail() function internally, via the email_user() internal Pepperminty Wiki utility function)
  • Email address verification
    • Enabled by default. In order to receive emails users now need to verify their email address
    • This is done via a verification email that's sent when you change your email address (even if your email address is the same when you change your preferences and you haven't yet verified it)
    • A new email_verify_addresses setting has been added to control the functionality
  • Added dark theme to the downloader (will be updated at the next stable release)
  • Added initial mobile theme support to the default theme
    • There's still a bunch of work to do in this department, but it's a bit of a challenge to do so without breaking desktop support
  • Added autocomplete for tags when editing pages, powered by Awesomplete
    • The new editing_tags_autocomplete setting - enabled by default - toggles it, but why would you want to turn it off? :P
    • It should be reasonably accessible, judging from all the aria tags I'm seeing
    • Get in touch if you experience performance issues with fetching tag lists from your wiki
  • A command-line interface!
    • Wiki administrators with terminal/console access can now make use of a brand-new CLI by executing php ./index.php (warning: strange things will happen if the current working directory is not the directory that contains index.php and peppermint.json)
  • Added new anoncomments setting to control whether anonymous users are allowed to make comments (disabled by default) - thanks to @SeanFromIT for suggesting it in #181
  • Added markdown support for media captions (#184)
  • Finally: Experimental didyoumean support. Ever made a typo in a search query? The new didyoumean engine can correct query terms that are up to 2 characters out!
    • It's disabled by default (check out the new search_didyoumean_enabled setting), as it enabling it comes with a significant performance impact when typos are corrected (~0.8s-ish / typo is currently observed)
    • Uses the words in the search index as a base for corrections (so if you have a typo on a page, then it will correct it to the typo)
    • The index does not currently update when you edit a page - this feature is still very experimental (please report any issues)
    • A typo is a search query term that is both not a stop word and not found in the search index

Fixed

  • Fixed weighted word support on search query analysis debug page
  • Added missing apostrophes to stop words in search system. Regenerating your search index will now yield a slightly smaller index
  • Fixed link loop when logging in for crawlers
  • [security] Bugfix: Don't leak the PHP version in emails when expose_php is turned off
  • Fixed handling of Unicode characters when emailing users - added new email_subject_utf8 and email_body_utf8 settings to control the new behaviour
  • Add new email_debug_dontsend setting for debugging emails sent by Pepperminty Wiki
  • Fixed pressing alt + enter to open a search in a new tab - it should no longer fail and briefly prompt to allow pop-ups
  • Squashed a bug in the new upgraded get/set_array_simple search optimisation
  • Updated Parsedown to squash warning in PHP 7.4+
  • Trailing commas in the tags box will no longer result in empty tags being added to pages.
  • Minor UI fixes
    • Multiple tags in search results and on page lists now have a margin between them
  • Newline characters (\r and \n) are now replaced with spaces in internal links (#186, thanks @SeanFromIT!)
  • Inbuilt help documentation corrections (#185, thanks @SeanFromIT!)
  • Fixed a warning message when a file fails to upload (thanks for the test file, @SeanFromIT)
  • Really fix the dot problem from v0.20.3-hotfix3 that @SeanFromIT reported

Changed

  • Improved the search indexing system performance - again
    • Another search index rebuild is required
  • Optimisation: Don't generate the list of pages for the datalist if it isn't going to be displayed (especially noticeable on wikis with lots of pages)
  • Optimisation: Don't load the statistics index if it's not needed (also esp. noticeable on wikis with lots of pages)
  • Optimisation: Refactor stas_split() to be faster (informal testing shows ~18% faster → 4% total time)
  • [Module Api] Optimisation: Remove search::transliterate because it has a huge overhead. Use search::$literator->transliterate() instead.
  • [Module Api] Add new absolute and html optional boolean arguments to render_timestamp()
  • [Module Api] search::extract_context() and search::highlight_context() now take in a parsed query (with search::stas_parse()), not a raw string

Known bugs

  • Wow, a new section! Haven't seen one of these before. Hopefully we don't see it too often.....
  • The didyoumean search query typo correction engine does not currently update it's index when you save an edit to a page (the typo correction engine is still under development).
300f1df
Compare
Choose a tag to compare

Hey look - another wild hotfix appeared! Thanks to @SeanFromIT, 2 nasty bugs have been squashed in this release.

When merging their PR I only realised that it was merging into the hotfix branch after I'd done it, so decided to make another hotfix release 🙂

Note that this is a maintenance release that backports some urgent bugfixes to v0.20. Current development efforts are focused on v0.21. The work-in-progress changelog for v0.21 can be found here.

Have you updated to this release? Click this link to say hi!

Updating

You can update to this release simply by grabbing an updated copy of index.php and replacing the version in your current wiki (don't forget to take backups! I make every effort to squash as many bugs as possible, but you can never be too certain). You can get an updated copy of index.php in a number of ways:

  • By downloading the index.php file attached to this release
  • Using the online downloader (always has the latest stable version)
  • Using the online downloader offline
  • Building your own from source

For more information on the last 2 methods, please see the documentation for more information.

v0.20.3-hotfix3

8d2179e
Compare
Choose a tag to compare

Hey there! It's another hotfix release. Someone on Reddit noted that warnings were showing up in the demo, so this release fixes that. It's because I updated PHP to 7.4 on the server the demo runs on, and the version of Parsedown shipped with v0.20 doesn't like PHP 7.4 very much.

Again, as with v0.20.1-hotfix1, this is a maintenance release that backports some urgent bugfixes to v0.20. Current development efforts are focused on v0.21. The work-in-progress changelog for v0.21 can be found here.

Updating

You can update to this release simply by grabbing an updated copy of index.php and replacing the version in your current wiki (don't forget to take backups! I make every effort to squash as many bugs as possible, but you can never be too certain). You can get an updated copy of index.php in a number of ways:

  • By downloading the index.php file attached to this release
  • Using the online downloader (always has the latest stable version)
  • Using the online downloader offline
  • Building your own from source

For more information on the last 2 methods, please see the documentation for more information.

v0.20.2-hotfix2

  • Update Parsedown to squash warnings in PHP 7.4
  • Update the docs about how to get a copy