Pepperminty-Wiki

Hey there, one and all! Welcome to the (belated) release of Pepperminty Wiki v0.24!

Before we continue, I need to mention that you need to install this release or higher if you want to edit pages in the latest version of the Android client app. This is actually the main reason I'm making this beta release now - to give people something to update to that's not "build from source from the latest git".

With that out of the way, this release has a number of cool features:

• 📺 Support for embedding YouTube / Vimeo videos: e.g. ![alt text](https://youtube.com/watch?v=pID0xQ2qnrQ). If you can think of another site that should have native embed support, please open an issue (note that embedding regular video files still works as before)
• 📦 Added oneboxing: Rich previews for internal links. If an internal link with 3 square brackets (e.g. [[[example]]]) is on it's own with nothing before or after it on a line, then it'll be turned into a onebox
• 🔐 Improved security: The method by which these security issues were disclosed leaves a lot to be desired, but they are fixed anyway.
• 📱 Improved API support for the Android client app (GitHub): This may be a constant feature in the next few updates as I add more functionality to the app :D

Have you updated to this release? Click this link to say hi!

This release also has an experimental GPG and SHA256 hashes file attached. My GPG key is C2F7843F9ADF9FEE264ACB9CC1C6C0BB001E1725 - please open an issue if you encounter any issues 🙂

Updating

You can update to this release simply by grabbing an updated copy of index.php and replacing the version in your current wiki (don't forget to take backups! I make every effort to squash as many bugs as possible, but you can never be too certain). You can get an updated copy of index.php in a number of ways:

• By downloading the index.php file attached to this release
• Using the online downloader (always has the latest stable version)
• Using the online downloader offline
• Building your own from source

For more information on the last 2 methods, please see the documentation for more information.

For those who want to contribute financially as a thank you, I've recently setup a Liberapay to accept donations. It's certainly not required, but would definitely help me out :-) If you want to contribute but Liberapay isn't for you, please let me know (e.g. open an issue, see my website for more contact options)

Since v0.24-beta1

• Added: filter GET parameter to the list action, which filters the list of pages to contain only those containing the specified substring.
• Fixed: [Rest API] Documented redirect and redirected_from GET params to the view action.
• Fixed: Fixed bug where templating variables were not populated under some circumstances.
• Fixed: Typo on credits page

Since v0.23

Added

• Added support for embedding external YouTube and Vimeo videos (e.g. ![alt text](https://youtube.com/watch?v=pID0xQ2qnrQ))
  • If you know of a cool service that should be supported, please open an issue - YouTube and Vimeo were just the only 2 I could think of
  • Known issue: specifying the size (i.e. with | 500x400 inside the brackets () there) doesn't currently work because iframes are weird
• Added oneboxing: rich previews for internal links. If an internal link with 3 square brackets (e.g. [[[example]]]) is on it's own with nothing before or after it on a line, then it'll be turned into a onebox
  • 2 new settings have also been added to control it: parser_onebox_enabled and parser_onebox_preview_length
  • TODO: Update the dynamic help page for this.
• [Rest API] Add new x-tags HTTP header to raw action (required for v2.2 of the android client app to edit pages!)

Changed

• Display returnto URL above the login form if present to further mitigate CSRF issues
• [Rest API] Return a 409 Conflict instead of a 200 OK on an edit conflict when saving a page in the save action, and add x-failure-reason for more errors

Fixed

• Stats: Fix crash when loading the stats page
• Fix crash when leaving a top-level comment
• [security] Fixed an XSS vulnerability in the format GET parameter of the stats action (thanks, @JamieSlome)
• [security] Ensured that the returnto GET parameter leads you only to another place on your Pepperminty Wiki instance (thanks, @JamieSlome)
• [security] Ensure that Javascript in SVGs never gets executed (it's too challenging to strip it, since it could be lurking in many different places - according to this answer even Inkscape doesn't strip all Javascript when asked to)
• [security] Fixed XSS when the action GET param doesn't match a known action
• [security] User pages are now only savable in the HTTP API by either a moderator or the owning user (previously only the edit action was protected, so if you made a request direct to the save action, you could bypass the check)
• StorageBox: Create SQLite DB if it doesn't exist explicitly with touch(), because some systems are weird
• StorageBox: Fix crash when index.php is a symbolic link
• Fixed erroneous additional entries in complex tables of contents
• Make PeppermintParsedown::extract_page_names more multibyte safe to avoid empty statistics

Hey there, one and all! Welcome to the first beta release of Pepperminty Wiki v0.24.

Before we continue, I need to mention that you need to install this release or higher if you want to edit pages in the latest version of the Android client app. This is actually the main reason I'm making this beta release now - to give people something to update to that's not "build from source from the latest git".

With that out of the way, this release has a number of cool features:

• 📺 Support for embedding YouTube / Vimeo videos: e.g. ![alt text](https://youtube.com/watch?v=pID0xQ2qnrQ). If you can think of another site that should have native embed support, please open an issue
• 📦 Added oneboxing: Rich previews for internal links. If an internal link with 3 square brackets (e.g. [[[example]]]) is on it's own with nothing before or after it on a line, then it'll be turned into a onebox
• 🔐 Improved security: The method by which these security issues were disclosed leaves a lot to be desired, but they are fixed anyway.
• 📱 Improved API support for the Android client app (GitHub): This may be a constant feature in the next few updates as I add more functionality to the app :D

Have you updated to this release? Click this link to say hi!

This release also has an experimental GPG and SHA256 hashes file attached. My GPG key is C2F7843F9ADF9FEE264ACB9CC1C6C0BB001E1725 - please open an issue if you encounter any issues 🙂

Updating

You can update to this release simply by grabbing an updated copy of index.php and replacing the version in your current wiki (don't forget to take backups! I make every effort to squash as many bugs as possible, but you can never be too certain). You can get an updated copy of index.php in a number of ways:

• By downloading the index.php file attached to this release
• Using the online downloader (always has the latest stable version): I have updated the online downloader for this version. Normally this is only done for stable releases!
• Using the online downloader offline
• Building your own from source

For more information on the last 2 methods, please see the documentation for more information.

For those who want to contribute financially as a thank you, I've recently setup a Liberapay to accept donations. It's certainly not required, but would definitely help me out :-) If you want to contribute but Liberapay isn't for you, please let me know (e.g. open an issue, see my website for more contact options)

Since v0.23

Added

• Added support for embedding external YouTube and Vimeo videos (e.g. ![alt text](https://youtube.com/watch?v=pID0xQ2qnrQ))
  • If you know of a cool service that should be supported, please open an issue - YouTube and Vimeo were just the only 2 I could think of
  • Known issue: specifying the size (i.e. with | 500x400 inside the brackets () there) doesn't currently work because iframes are weird
• Added oneboxing: rich previews for internal links. If an internal link with 3 square brackets (e.g. [[[example]]]) is on it's own with nothing before or after it on a line, then it'll be turned into a onebox
  • 2 new settings have also been added to control it: parser_onebox_enabled and parser_onebox_preview_length
  • TODO: Update the dynamic help page for this.
• [Rest API] Add new x-tags HTTP header to raw action (required for v2.2 of the android client app to edit pages!)

Changed

• Display returnto URL above the login form if present to further mitigate CSRF issues
• [Rest API] Return a 409 Conflict instead of a 200 OK on an edit conflict when saving a page in the save action, and add x-failure-reason for more errors

Fixed

• Stats: Fix crash when loading the stats page
• Fix crash when leaving a top-level comment
• [security] Fixed an XSS vulnerability in the format GET parameter of the stats action (thanks, @JamieSlome)
• [security] Ensured that the returnto GET parameter leads you only to another place on your Pepperminty Wiki instance (thanks, @JamieSlome)
• [security] Ensure that Javascript in SVGs never gets executed (it's too challenging to strip it, since it could be lurking in many different places - according to this answer even Inkscape doesn't strip all Javascript when asked to)
• [security] Fixed XSS when the action GET param doesn't match a known action
• [security] User pages are now only savable in the HTTP API by either a moderator or the owning user (previously only the edit action was protected, so if you made a request direct to the save action, you could bypass the check)
• StorageBox: Create SQLite DB if it doesn't exist explicitly with touch(), because some systems are weird
• StorageBox: Fix crash when index.php is a symbolic link
• Fixed erroneous additional entries in complex tables of contents
• Make PeppermintParsedown::extract_page_names more multibyte safe to avoid empty statistics

Hey there everyone! It's another release :D This is an unusual one in many respects - for one there hasn't been a beta release (the least time this happened for a major release was waaay back in v0.9 in 2015). There's a reason for that - in issue #222 someone has unethically reported a security issue with Pepperminty Wiki by not privately disclosing it, and instead publishing it publicly on the internet (exhibits a, b).

Of these 2, the one that involves the first-run action is not of concern, since it requires the site secret to pull off and even then that can only be executed once. If you're worried about that, you've got other issues - you could achieve the same effect simply uploading a static HTML file to your web server or changing multiple different settings in peppermint.json which by design take arbitrary HTML!

The other vulnerability uncovered a bunch of places in which potentially unsafe user input was sent to the user improperly encoded - potentially allowing someone to insert arbitrary HTML (and hence scripts) where they shouldn't. This release fixes that.

Despite this rushed release, there are a number of awesome additions in this release too:

• 📄 Experimental support for transparent handling of [display text](./Page Name.md) style internal links (disabled by default: enable the parser_mangle_external_links setting and delete the ._cache directory to enable)
• 🗺 XML sitemap support (manual setup required via an edit to your robots.txt)
• 💡 Automatic system requirements indicator to first run (doesn't block you from proceeding, but helps you make sure you meet Pepperminty Wiki's system requirements)
• 🪲 Many bugs squashed!
• ⏫ Fixed compatibility issues with PHP 8.0

So all in all this release should be a good incremental improvement over v0.22. If I spot any new show stoppers, I'll make a quick hotfix release to squash them.

Have you updated to this release? Click this link to say hi!

This release also has an experimental GPG and SHA256 hashes file attached. My GPG key is C2F7843F9ADF9FEE264ACB9CC1C6C0BB001E1725 - please open an issue if you encounter any issues 🙂

Updating

You can update to this release simply by grabbing an updated copy of index.php and replacing the version in your current wiki (don't forget to take backups! I make every effort to squash as many bugs as possible, but you can never be too certain). You can get an updated copy of index.php in a number of ways:

• By downloading the index.php file attached to this release
• Using the online downloader (always has the latest stable version)
• Using the online downloader offline
• Building your own from source

For more information on the last 2 methods, please see the documentation for more information.

For those who want to contribute financially as a thank you, I've recently setup a Liberapay to accept donations. It's certainly not required, but would definitely help me out :-) If you want to contribute but Liberapay isn't for you, please let me know (e.g. open an issue, see my website for more contact options)

Since v0.22

Added

• Added HTTP API support for creating pages that don't yet have a name (#194)
  • This allows for having a "create new page" button in your navigation links - e.g. edit nav_links, nav_links_extra, or nav_links_bottom in your peppermint.json and add something like [ "+", "index.php?action=edit&unknownpagename=yes" ].
• XML sitemap support with the new page-sitemap module (manual setup required for crawlers to notice it: see the documentation)
• Experimental support for transparent handling of [display text](./Page Name.md) style internal links (disabled by default: enable the parser_mangle_external_links setting and delete the ._cache directory to enable)
• Added automatic system requirements indicator to first run (checks for various PHP extensions required for various different functions) - does not block you from proceeding, but does assist in first-time system configuration

Changed

• Updated the configuration guide to include count of how many settings we have
• Also send a x-robots-tag: noindex, nofollow HTTP header for the login page (Semrush Bot, you better obey this one)
• Support page as either a GET parameter or a POST parameter (GET takes precedence over POST)
• Preview generation: If php-imagick is not installed but required for a particular operation, return a proper error message
• File upload: If fileinfo is not installed, return a proper error message when someone attempts to upload a file
• Add image/avif (AVIF image), image/jxl (JPEG XL image), and image/heif/image/heic to upload_allowed_file_types (you'll need to delete your entry in peppermint.json to get the new updated list)
  • Also added these and flac (which was already allowed as an upload by default) to the data size calculator on ?action=help&dev=yes

Fixed

• [security] Fixed some potential XSS attacks in the page editor
• [security] Fix stored XSS attack in the wiki name via the first run wizard CVE-2021-38600; low severity since it requires the site secret to do the initial setup & said initial setup can only be performed once
• [security] Fix reflected XSS attacks (arbitrary code execution in the user's browser) via the many different GET parameters in many different modules
• [security] Automatically run page titles through htmlentities()
• Fixed a weird bug in the stats-update action causing warnings
• search: Properly apply weightings of matches in page titles and tags
• Improved error handling on first run where the PHP Zip extension is not installed
• Also extract to ._extra_data if the directory is empty
• Add sidebar_show to the settings GUI and the configuration guide
• Fix crash when using the search bar with PHP 8.0+
• Prefix the default value of the logo_url setting with https:
• Fix display of subpages in the sidebar, and also wrap subpage lists in a <details /> element to allow collapsing them
• Fix file upload error handling logic - a proper error page is now sent to the client
• Create theme gallery help section instead of overwriting the one entitled "Jumping to a random page".
• Fix broken character in recent changes log entry when moving pages

After a record-breaking number of beta releases, it's finally that time again: another new stable release!

Check out the major new features:

• 📖 Reading time estimations (on by default, toggle with the readingtime_enabled setting)
• ⛅ Similar page suggestions at the bottom of the page, powered by the search index (on by default, toggle with the similarpages_enabled / similarpages_count settings)
• 📝 New syntax features: checkboxes, highlighted text, spoiler text, super/subscript, automatic table of contents - check the inbuilt help page for details
• 📑 Uploaded PDFs can now be embedded into pages (older wikis make sure that application/pdf is present in the upload_allowed_file_types setting)
• 🍪 Improved cookie security: PHP 7.3+ recommended

Some notes for admins:

• Make sure you have PHP 7.3+ when you update past this point!
• Owners of existing wikis need to ensure that the upload_allowed_file_types setting in peppermint.json contains application/pdf
• New policy: Only officially supported versions of PHP are officially supported by Pepperminty Wiki.
  • If you encounter issues using an unsupported version of PHP, please update before opening an issue.

Special thanks to @virtadpt and @SeanFromIT for reporting bugs in this beta release cycle.

Have you updated to this release? Click this link to say hi!

This release also has an experimental GPG and SHA256 hashes file attached. My GPG key is C2F7843F9ADF9FEE264ACB9CC1C6C0BB001E1725 - please open an issue if you encounter any issues 🙂

Updating

You can update to this release simply by grabbing an updated copy of index.php and replacing the version in your current wiki (don't forget to take backups! I make every effort to squash as many bugs as possible, but you can never be too certain). You can get an updated copy of index.php in a number of ways:

• By downloading the index.php file attached to this release
• Using the online downloader (always has the latest stable version)
• Using the online downloader offline
• Building your own from source

For more information on the last 2 methods, please see the documentation for more information.

For those who want to contribute financially as a thank you, I've recently setup a Liberapay to accept donations. It's certainly not required, but would definitely help me out :-) If you want to contribute but Liberapay isn't for you, please let me know (e.g. open an issue, see my website for more contact options)

Since VERSION_NUMBER_HERE

FULL_CHANGELOG_HERE

Since v0.22-beta3

No changes were made since the last beta release

Since v0.22-beta2

Changed

• Don't emit custom CSS unless there's something to emit

Fixed

• Fixed inbody:searchterm advanced query syntax
• Fixed inaccessible colours in the page list when using the dark theme
• Fixed invalid HTML generated by new hide_email implementation

Since v0.22-beta1

Added

• Added dark theme via prefers-color-scheme to configuration guide (see the stable channel guide here - will only be updated when v0.22 is released)
• Added link thingy you can click next to each setting to jump right to it
• [docs] Documented the structure of pageindex.json and recentchanges.json

Fixed

• Obfuscate the admin email address at the bottom of every page - we missed it in v0.22-beta1 (but got every other one though :P) (#205)
• Bugfix: Don't use ->text() for recursion when parsing markdown - it resets ->DefinitionData, which breaks footnotes (#209)
• Fix name of did you mean index: didyoumeaninddex.sqlite → didyoumeanindex.sqlite (feature is disabled by default; manual renaming required)

Changed

• Disable parser cache by default to avoid issues because said cache isn't invalidated when it should be (and doing so would take more of a performance hit than leaving it on)

Since v0.21.1-hotfix1

Make sure you have PHP 7.3+ when you update past this point! It isn't the end of the world if you don't, but it will make you more secure if you do.

Added

• [Module Api] Add new search::invindex_term_getpageids, and search::invindex_term_getoffsets, and search::index_sort_freq methods
• [Module Api] Add new ends_with and filepath_to_pagename core functions
• Added new syntax features to PeppermintParsedown, inspired by ParsedownExtreme (which we couldn't get to work, and it wasn't working before as far as I can tell)
  • Checkboxes: [ ] and [x] after a bullet point or at the start of a line
  • Marked / highlighted text: Some text ==marked text== more text
  • Spoiler text: Some text >!spoiler!< more text or Some text ||spoiler|| more text
  • Superscript: Some text^superscript^ more text
  • Subscript: Some text~subscript~ more text
• Added automatic table of contents! (#155)
  • Put [__TOC__] on a line by itself to insert an automatic table of contents
  • Note that the level of heading generated can be controlled (or even removed) by the new parser_toc_heading_level setting
• Add <meta name="theme-color" content="value" /> support with the new theme_colour setting. More information: MDN, caniuse. Also used by some platforms to customise embed accents when generating a rich snippet (e.g. Discord).
• Added reading time estimate to the top of wiki pages - control it with the new readingtime_enabled setting (#172)
  • The algorithm used to estimate reading times is the as the one used in Firefox's reader mode
• Added similar page suggestions between the bottom of the page content and the comments - control it with the new similarpages_enabled and similarpages_count settings.
• Added absolute redirect support - use it like this: # REDIRECT [display text](INSERT_REDIRECT_URL_HERE)
  • It's disabled by default due to potential security issues with untrusted editors - enable it with the new redirect_absolute_enable setting (default: false)
• Added new settings to control various features more precisely
  • comment_enabled controls whether anyone is allowed to comment at all or not
  • comment_hide_all determines whether the commenting system displays anything at all (if disabled, it's (almost) like the feature-comments doesn't exist - consider using the downloader to exclude the commenting system instead of enabling this setting)
  • avatars_gravatar_enabled determines whether redirects to gravatar.com should be performed if a user hasn't yet uploaded an avatar (if disabled then a blank image is returned instead of a redirect).
• PDF previews now show the browser's UI when embedded in pages with the ![alt text](File/somefile.png) syntax
• [Rest API] Add new typeheader GET parameter to raw action (ref Firefox bug 1319262)

Changed

• New policy: Only officially supported versions of PHP are officially supported by Pepperminty Wiki.
• Fiddled with Parsedown & ParsedownExtra versions
• Removed ParsedownExtreme, as it wasn't doing anything useful anyway
  • Don't worry, we've absorbed all the useful features (see above)
  • NOTE TO SELF: Don't forget to update wikimatrix.org when we next make a stable release! (if you are reading this in the release notes for a stable release, please get in touch)
• Enabled horizontal resize handle on sidebar (but it doesn't persist yet)
• [security] SameSite=Strict is now set on all cookies in PHP 7.3+
  • This prevents session-stealing attacks from third-party origins
  • This complies with the new samesite cookies rules.
  • A warning is generated in PHP 7.2 and below = please upgrade to PHP 7.3+! (#200)
• [security] The Secure cookie flag is now automatically added when clients use HTTPS to prevent downgrade-based session stealing attacks (control this with the new cookie_secure setting)
• Standardised prefixes to (most) error_log() calls to aid clarity in multi-wiki environments
• Improved pageindex rebuilder algorithm to search for and import history revisions - this helps when converting data from another wiki format
• Improved spam protection when hiding email addresses. Javascript is now required to decode email addresses - please get in touch if this is a problem for whatever reason. I take accessibility very seriously.
• Bump weighting of title and tag matches in search results (delete the search_title_matches_weighting and search_tags_matches_weighting settings to get the new weightings)

Fixed

• Squashed a warning when using the fenced code block syntax
• If a redirect page sends you to create a page that doesn't exist, a link back to the redirect page itself is now displayed
• Really fix bots getting into infinite loops on the login page this time by marking all login pages as noindex, nofollow with a robots <meta /> tag
• Navigating to a redirect page from a page list or the recent changes list will no longer cause you to automatically follow the redirect
• Limited sidebar size to 20% of the screen width at most
• Fix the large blank space problem in all themes
• Squashed the text \A appearing before tags at the bottom of pages for some users (ref)
• Fixed an issue causing uploaded avatars not to render
• Fixed an obscure bug in the search engine when excluding terms that appear both in a page's title and body
• Squashed a warning at the top of search results (more insight is needed though to squash the inconsistencies in the search index that creep in though)
• Removed annoying scrollbars when editing long pages
• Fixed an obscure warning when previewing PDFs (#202)
• Ensure that the parent page exists when moving a page to be a child of a non-existent parent (#201)
• Fixed templating (#203)
• Fixed warning from statistics engine during firstrun wizard

Another beta release! I should have released this earlier, but I've been really busy with my PhD recently. Anyway, despite the larger-than-usual number of changes in this release, I'm pretty confident that we've got all the showstoppers squashed in this one. If all goes well, I'll be releasing the stable version of v0.22 in 1 week's time (to give everyone time to test this release).

This beta release also marks a new record for the most number of beta releases before a stable release!

Have you updated to this release? Click this link to say hi!

This release also has an experimental GPG and SHA256 hashes file attached. My GPG key is C2F7843F9ADF9FEE264ACB9CC1C6C0BB001E1725 - please open an issue if you encounter any issues 🙂

Updating

You can update to this release simply by grabbing an updated copy of index.php and replacing the version in your current wiki (don't forget to take backups! I make every effort to squash as many bugs as possible, but you can never be too certain). You can get an updated copy of index.php in a number of ways:

• By downloading the index.php file attached to this release
• Using the online downloader (always has the latest stable version)
• Using the online downloader offline
• Building your own from source

For more information on the last 2 methods, please see the documentation for more information.

For those who want to contribute financially as a thank you, I've recently setup a Liberapay to accept donations. It's certainly not required, but would definitely help me out :-) If you want to contribute but Liberapay isn't for you, please let me know (e.g. open an issue, see my website for more contact options)

Since v0.22-beta2

Changed

• Don't emit custom CSS unless there's something to emit

Fixed

• Fixed inbody:searchterm advanced query syntax
• Fixed inaccessible colours in the page list when using the dark theme
• Fixed invalid HTML generated by new hide_email implementation

This is the 2nd beta release for v0.22! Thanks to @SeanFromIT and @viradpt for the bug reports (#205, #209, and more over Gitter)

Have you updated to this release? Click this link to say hi!

This release also has an experimental GPG and SHA256 hashes file attached. My GPG key is C2F7843F9ADF9FEE264ACB9CC1C6C0BB001E1725 - please open an issue if you encounter any issues 🙂

Updating

You can update to this release simply by grabbing an updated copy of index.php and replacing the version in your current wiki (don't forget to take backups! I make every effort to squash as many bugs as possible, but you can never be too certain). You can get an updated copy of index.php in a number of ways:

• By downloading the index.php file attached to this release
• Using the online downloader (always has the latest stable version)
• Using the online downloader offline
• Building your own from source

For more information on the last 2 methods, please see the documentation for more information.

For those who want to contribute financially as a thank you, I've recently setup a Liberapay to accept donations. It's certainly not required, but would definitely help me out :-) If you want to contribute but Liberapay isn't for you, please let me know (e.g. open an issue, over Gitter, see my website for more contact options)

Since v0.22-beta1

Added

• Added dark theme via prefers-color-scheme to configuration guide (see the stable channel guide here - will only be updated when v0.22 is released)
• Added link thingy you can click next to each setting to jump right to it
• [docs] Documented the structure of pageindex.json and recentchanges.json

Fixed

• Obfuscate the admin email address at the bottom of every page - we missed it in v0.22-beta1 (but got every other one though :P) (#205)
• Bugfix: Don't use ->text() for recursion when parsing markdown - it resets ->DefinitionData, which breaks footnotes (#209)
• Fix name of did you mean index: didyoumeaninddex.sqlite → didyoumeanindex.sqlite (feature is disabled by default; manual renaming required)

Changed

• Disable parser cache by default to avoid issues because said cache isn't invalidated when it should be (and doing so would take more of a performance hit than leaving it on)

Since v0.21.1-hotfix1

Make sure you have PHP 7.3+ when you update past this point! It isn't the end of the world if you don't, but it will make you more secure if you do.

Added

• [Module Api] Add new search::invindex_term_getpageids, and search::invindex_term_getoffsets, and search::index_sort_freq methods
• [Module Api] Add new ends_with and filepath_to_pagename core functions
• Added new syntax features to PeppermintParsedown, inspired by ParsedownExtreme (which we couldn't get to work, and it wasn't working before as far as I can tell)
  • Checkboxes: [ ] and [x] after a bullet point or at the start of a line
  • Marked / highlighted text: Some text ==marked text== more text
  • Spoiler text: Some text >!spoiler!< more text or Some text ||spoiler|| more text
  • Superscript: Some text^superscript^ more text
  • Subscript: Some text~subscript~ more text
• Added automatic table of contents! (#155)
  • Put [__TOC__] on a line by itself to insert an automatic table of contents
  • Note that the level of heading generated can be controlled (or even removed) by the new parser_toc_heading_level setting
• Add <meta name="theme-color" content="value" /> support with the new theme_colour setting. More information: MDN, caniuse. Also used by some platforms to customise embed accents when generating a rich snippet (e.g. Discord).
• Added reading time estimate to the top of wiki pages - control it with the new readingtime_enabled setting (#172)
  • The algorithm used to estimate reading times is the as the one used in Firefox's reader mode
• Added similar page suggestions between the bottom of the page content and the comments - control it with the new similarpages_enabled and similarpages_count settings.
• Added absolute redirect support - use it like this: # REDIRECT [display text](INSERT_REDIRECT_URL_HERE)
  • It's disabled by default due to potential security issues with untrusted editors - enable it with the new redirect_absolute_enable setting (default: false)
• Added new settings to control various features more precisely
  • comment_enabled controls whether anyone is allowed to comment at all or not
  • comment_hide_all determines whether the commenting system displays anything at all (if disabled, it's (almost) like the feature-comments doesn't exist - consider using the downloader to exclude the commenting system instead of enabling this setting)
  • avatars_gravatar_enabled determines whether redirects to gravatar.com should be performed if a user hasn't yet uploaded an avatar (if disabled then a blank image is returned instead of a redirect).
• PDF previews now show the browser's UI when embedded in pages with the ![alt text](File/somefile.png) syntax
• [Rest API] Add new typeheader GET parameter to raw action (ref Firefox bug 1319262)

Changed

• New policy: Only officially supported versions of PHP are officially supported by Pepperminty Wiki.
• Fiddled with Parsedown & ParsedownExtra versions
• Removed ParsedownExtreme, as it wasn't doing anything useful anyway
  • Don't worry, we've absorbed all the useful features (see above)
  • NOTE TO SELF: Don't forget to update wikimatrix.org when we next make a stable release! (if you are reading this in the release notes for a stable release, please get in touch)
• Enabled horizontal resize handle on sidebar (but it doesn't persist yet)
• [security] SameSite=Strict is now set on all cookies in PHP 7.3+
  • This prevents session-stealing attacks from third-party origins
  • This complies with the new samesite cookies rules.
  • A warning is generated in PHP 7.2 and below = please upgrade to PHP 7.3+! (#200)
• [security] The Secure cookie flag is now automatically added when clients use HTTPS to prevent downgrade-based session stealing attacks (control this with the new cookie_secure setting)
• Standardised prefixes to (most) error_log() calls to aid clarity in multi-wiki environments
• Improved pageindex rebuilder algorithm to search for and import history revisions - this helps when converting data from another wiki format
• Improved spam protection when hiding email addresses. Javascript is now required to decode email addresses - please get in touch if this is a problem for whatever reason. I take accessibility very seriously.
• Bump weighting of title and tag matches in search results (delete the search_title_matches_weighting and search_tags_matches_weighting settings to get the new weightings)

Fixed

• Squashed a warning when using the fenced code block syntax
• If a redirect page sends you to create a page that doesn't exist, a link back to the redirect page itself is now displayed
• Really fix bots getting into infinite loops on the login page this time by marking all login pages as noindex, nofollow with a robots <meta /> tag
• Navigating to a redirect page from a page list or the recent changes list will no longer cause you to automatically follow the redirect
• Limited sidebar size to 20% of the screen width at most
• Fix the large blank space problem in all themes
• Squashed the text \A appearing before tags at the bottom of pages for some users (ref)
• Fixed an issue causing uploaded avatars not to render
• Fixed an obscure bug in the search engine when excluding terms that appear both in a page's title and body
• Squashed a warning at the top of search results (more insight is needed though to squash the inconsistencies in the search index that creep in though)
• Removed annoying scrollbars when editing long pages
• Fixed an obscure warning when previewing PDFs (#202)
• Ensure that the parent page exists when moving a page to be a child of a non-existent parent (#201)
• Fixed templating (#203)
• Fixed warning from statistics engine during firstrun wizard

Hello and welcome to another beta release of Pepperminty Wiki! Check out the major new features:

• 📖 Reading time estimations (on by default, toggle with the readingtime_enabled setting)
• ⛅ Similar page suggestions at the bottom of the page, powered by the search index (on by default, toggle with the similarpages_enabled / similarpages_count settings)
• 📝 New syntax features: checkboxes, highlighted text, spoiler text, super/subscript, automatic table of contents - check the inbuilt help page for details
• 📑 Uploaded PDFs can now be embedded into pages (older wikis make sure that application/pdf is present in the upload_allowed_file_types setting)
• 🍪 Improved cookie security: PHP 7.3+ recommended

.....and lots of other bugfixes and new features! Check the full changelog at the bottom of these release notes for the full details.

Regarding the reading time and similar page suggestions, I'm still a little unsure about it. What to you think? Please fill out this strawpoll by Tuesday 11th August 2020 12pm GMT (after which I'll be looking to make final adjustments before making another beta release / the stable release) - it would be really helpful!

Notes for admins

Like the last stable release, there are a few things that admins should be aware of:

• If you're updating from before v0.21.1-hotfix1, please change your wiki secret. This is really important, as v0.21.1-hotfix1 fixes a critical security issue.
• I have a new policy: Only officially supported versions of PHP will be supported by Pepperminty Wiki. This just ensures that I have a clear line that I can draw on the subject.
• Speaking of PHP versions, PHP 7.3+ is highly recommended going forwards. SameSite=Strict is now set on all cookies to comply with the new cookie handling being introduced into browsers, but only in PHP 7.3+.
• Some users have reported issues with the search engine after updating to this release. Rebuilding the search index may be required (use the CLI with php index.php exec search rebuild, or navigate to the master settings and hit the rebuild button)
• Set the new theme_colour setting to enable extra coolness in some browsers and when generating embeds in places like Discord 🙂

Have you updated to this release? Click this link to say hi!

This release also has an experimental GPG and SHA256 hashes file attached. My GPG key is C2F7843F9ADF9FEE264ACB9CC1C6C0BB001E1725 - please open an issue if you encounter any issues 🙂

Updating

You can update to this release simply by grabbing an updated copy of index.php and replacing the version in your current wiki (don't forget to take backups! I make every effort to squash as many bugs as possible, but you can never be too certain). You can get an updated copy of index.php in a number of ways:

• By downloading the index.php file attached to this release
• Using the online downloader offline
• Building your own from source

For more information on the last 2 methods, please see the documentation for more information.

Since v0.21.1-hotfix1

Make sure you have PHP 7.3+ when you update past this point! It isn't the end of the world if you don't, but it will make you more secure if you do.

Added

• [Module Api] Add new search::invindex_term_getpageids, and search::invindex_term_getoffsets, and search::index_sort_freq methods
• [Module Api] Add new ends_with and filepath_to_pagename core functions
• Added new syntax features to PeppermintParsedown, inspired by ParsedownExtreme (which we couldn't get to work, and it wasn't working before as far as I can tell)
  • Checkboxes: [ ] and [x] after a bullet point or at the start of a line
  • Marked / highlighted text: Some text ==marked text== more text
  • Spoiler text: Some text >!spoiler!< more text or Some text ||spoiler|| more text
  • Superscript: Some text^superscript^ more text
  • Subscript: Some text~subscript~ more text
• Added automatic table of contents! (#155)
  • Put [__TOC__] on a line by itself to insert an automatic table of contents
  • Note that the level of heading generated can be controlled (or even removed) by the new parser_toc_heading_level setting
• Add <meta name="theme-color" content="value" /> support with the new theme_colour setting. More information: MDN, caniuse. Also used by some platforms to customise embed accents when generating a rich snippet (e.g. Discord).
• Added reading time estimate to the top of wiki pages - control it with the new readingtime_enabled setting (#172)
  • The algorithm used to estimate reading times is the as the one used in Firefox's reader mode
• Added similar page suggestions between the bottom of the page content and the comments - control it with the new similarpages_enabled and similarpages_count settings.
• Added absolute redirect support - use it like this: # REDIRECT [display text](INSERT_REDIRECT_URL_HERE)
  • It's disabled by default due to potential security issues with untrusted editors - enable it with the new redirect_absolute_enable setting (default: false)
• Added new settings to control various features more precisely
  • comment_enabled controls whether anyone is allowed to comment at all or not
  • comment_hide_all determines whether the commenting system displays anything at all (if disabled, it's (almost) like the feature-comments doesn't exist - consider using the downloader to exclude the commenting system instead of enabling this setting)
  • avatars_gravatar_enabled determines whether redirects to gravatar.com should be performed if a user hasn't yet uploaded an avatar (if disabled then a blank image is returned instead of a redirect).
• PDF previews now show the browser's UI when embedded in pages with the ![alt text](File/somefile.png) syntax
• [Rest API] Add new typeheader GET parameter to raw action (ref Firefox bug 1319262)

Changed

• New policy: Only officially supported versions of PHP are officially supported by Pepperminty Wiki.
• Fiddled with Parsedown & ParsedownExtra versions
• Removed ParsedownExtreme, as it wasn't doing anything useful anyway
  • Don't worry, we've absorbed all the useful features (see above)
  • NOTE TO SELF: Don't forget to update wikimatrix.org when we next make a stable release! (if you are reading this in the release notes for a stable release, please get in touch)
• Enabled horizontal resize handle on sidebar (but it doesn't persist yet)
• [security] SameSite=Strict is now set on all cookies in PHP 7.3+
  • This prevents session-stealing attacks from third-party origins
  • This complies with the new samesite cookies rules.
  • A warning is generated in PHP 7.2 and below = please upgrade to PHP 7.3+! (#200)
• [security] The Secure cookie flag is now automatically added when clients use HTTPS to prevent downgrade-based session stealing attacks (control this with the new cookie_secure setting)
• Standardised prefixes to (most) error_log() calls to aid clarity in multi-wiki environments
• Improved pageindex rebuilder algorithm to search for and import history revisions - this helps when converting data from another wiki format
• Improved spam protection when hiding email addresses. Javascript is now required to decode email addresses - please get in touch if this is a problem for whatever reason. I take accessibility very seriously.
• Bump weighting of title and tag matches in search results (delete the search_title_matches_weighting and search_tags_matches_weighting settings to get the new weightings)

Fixed

• Squashed a warning when using the fenced code block syntax
• If a redirect page sends you to create a page that doesn't exist, a link back to the redirect page itself is now displayed
• Really fix bots getting into infinite loops on the login page this time by marking all login pages as noindex, nofollow with a robots <meta /> tag
• Navigating to a redirect page from a page list or the recent changes list will no longer cause you to automatically follow the redirect
• Limited sidebar size to 20% of the screen width at most
• Fix the large blank space problem in all themes
• Squashed the text \A appearing before tags at the bottom of pages for some users (ref)
• Fixed an issue causing uploaded avatars not to render
• Fixed an obscure bug in the search engine when excluding terms that appear both in a page's title and body
• Squashed a warning at the top of search results (more insight is needed though to squash the inconsistencies in the search index that creep in though)
• Removed annoying scrollbars when editing long pages
• Fixed an obscure warning when previewing PDFs (#202)
• Ensure that the parent page exists when moving a page to be a child of a non-existent parent (#201)
• Fixed templating (#203)
• Fixed warning from statistics engine during firstrun wizard

Oh, my! I think this is the fastest I've ever gotten a hotfix out. I've found a serious security issue in Pepperminty Wiki which must be fixed right away! Please update to this release as soon as possible.

Please also edit the value of the secret property in peppermint.json, as it may have been compromised.

Edit: On the subject of security, this is now the first release that has experimental SHA256 hashes that are signed with GPG. Future releases will always be signed in the same way. My GPG key id is C2F7843F9ADF9FEE264ACB9CC1C6C0BB001E1725 (let me know if you encounter any issues.

Note that this is a maintenance release that backports some urgent bugfixes to v0.21. Current development efforts are focused on v0.22. The work-in-progress changelog for v0.22 can be found here.

Have you updated to this release? Click this link to say hi!

Updating

You can update to this release simply by grabbing an updated copy of index.php and replacing the version in your current wiki (don't forget to take backups! I make every effort to squash as many bugs as possible, but you can never be too certain). You can get an updated copy of index.php in a number of ways:

• By downloading the index.php file attached to this release
• Using the online downloader (always has the latest stable version)
• Using the online downloader offline
• Building your own from source

For more information on the last 2 methods, please see the documentation for more information.

Since v0.21

• [security] Fix security issue in the debug action

Welcome, one and all! It's time for Pepperminty Wiki v0.21! 🎉🎉🎉 In ~5 months and 24 days, 138 commits and 3 hotfixes(!) have been made to bring you v0.21 - with lots of new features to check out. This is another huge release. Check out the feature summary:

• 🔭 Watchlists: Get an email when a page is updated (assuming you have email setup in your PHP installation)
• 📱 Improved mobile support: There's still a ways to go, but it's much better than it was. Open an issue if you've got any suggestions for improvement, no matter how small
• 🎷 Autocomplete tags: Tags now autocomplete when editing pages
• 🐚 A command-line interface: Pepperminty Wiki now has a command-line interface, where you can do things like update the search index. Check out the docs for more info
• 🎥 Added markdown support to media captions: Fancy media captions are now at your fingertips! Just add markdown to the alt portion of the image tag (#184)

Lots of other gems can be found in the full changelog below, so take a look :D

Also, Pepperminty Wiki now has a website! I built it with Eleventy.

A few things to note for admins:

• The CLI will never be required to do things. Its goal is to provide an alternative interface (particularly for larger wikis and those who want to automate stuff via shell scripting).
• A working PHP email setup is required for the watchlist to work
• A new button has been added to the nav_links_extra mega menu. You'll need to delete the nav_links_extra entry from your peppermint.json in order for this to show up.
• Search index performance has been improved. Again :D This requires regenerating the search index after updating.
• Email address verification: Enabled by default. Users will now need to verify their email addresses. An easy fix is to edit your profile re-enter your email address to receive the verification email

Wow, that's a lot! The full changelog can be found below as usual. Before I end this message though, I just want to ask:

Please help test this release.

I mean it. This release comes with a number of huge fundamental changes (large and small), some of which are incremental in a series across the last few releases. Particularly of note is the command-line interface - that required massive backend changes.

Help would be really appreciated to find issues before the big main stable release in about a week's time (unless issues are found). While hotfixes are fun, I'd prefer to keep them to a minimum :P

Even if you just want to share an "implementation report" (a short summary of your experience upgrading), I'd really appreciate the feedback :-)

--Starbeamrainbowlabs

Have you updated to this release? Click this link to say hi!

Updating

You can update to this release simply by grabbing an updated copy of index.php and replacing the version in your current wiki (don't forget to take backups! I make every effort to squash as many bugs as possible, but you can never be too certain). You can get an updated copy of index.php in a number of ways:

• By downloading the index.php file attached to this release
• Using the online downloader (always has the latest stable version)
• Using the online downloader offline
• Building your own from source

For more information on the last 2 methods, please see the documentation for more information.

Since v0.21-beta1

Fixed

• Make PEPPERMINT_THEME environment variable work again when compiling on the command line
• Fixed invalid HTML that was causing layout issues on the master settings page

Since v0.20.4-hotfix4

Added

• Watchlists! A new addition has been added to the more menu to add the current page to your personal watchlist
  • An email will be sent to all users watching a page when an edit is saved to it (uses the PHP mail() function internally, via the email_user() internal Pepperminty Wiki utility function)
• Email address verification
  • Enabled by default. In order to receive emails users now need to verify their email address
  • This is done via a verification email that's sent when you change your email address (even if your email address is the same when you change your preferences and you haven't yet verified it)
  • A new email_verify_addresses setting has been added to control the functionality
• Added dark theme to the downloader (will be updated at the next stable release)
• Added initial mobile theme support to the default theme
  • There's still a bunch of work to do in this department, but it's a bit of a challenge to do so without breaking desktop support
• Added autocomplete for tags when editing pages, powered by Awesomplete
  • The new editing_tags_autocomplete setting - enabled by default - toggles it, but why would you want to turn it off? :P
  • It should be reasonably accessible, judging from all the aria tags I'm seeing
  • Get in touch if you experience performance issues with fetching tag lists from your wiki
• A command-line interface!
  • Wiki administrators with terminal/console access can now make use of a brand-new CLI by executing php ./index.php (warning: strange things will happen if the current working directory is not the directory that contains index.php and peppermint.json)
• Added new anoncomments setting to control whether anonymous users are allowed to make comments (disabled by default) - thanks to @SeanFromIT for suggesting it in #181
• Added markdown support for media captions (#184)
• Finally: Experimental didyoumean support. Ever made a typo in a search query? The new didyoumean engine can correct query terms that are up to 2 characters out!
  • It's disabled by default (check out the new search_didyoumean_enabled setting), as it enabling it comes with a significant performance impact when typos are corrected (~0.8s-ish / typo is currently observed)
  • Uses the words in the search index as a base for corrections (so if you have a typo on a page, then it will correct it to the typo)
  • The index does not currently update when you edit a page - this feature is still very experimental (please report any issues)
  • A typo is a search query term that is both not a stop word and not found in the search index

Fixed

• Fixed weighted word support on search query analysis debug page

• Added missing apostrophes to stop words in search system. Regenerating your search index will now yield a slightly smaller index

• Fixed link loop when logging in for crawlers

• [security] Bugfix: Don't leak the PHP version in emails when expose_php is turned off

• Fixed handling of Unicode characters when emailing users - added new email_subject_utf8 and email_body_utf8 settings to control the new behaviour

• Add new email_debug_dontsend setting for debugging emails sent by Pepperminty Wiki

• Fixed pressing alt + enter to open a search in a new tab - it should no longer fail and briefly prompt to allow pop-ups

• Squashed a bug in the new upgraded get/set_array_simple search optimisation

• Updated Parsedown to squash warning in PHP 7.4+

• Trailing commas in the tags box will no longer result in empty tags being added to pages.

• Minor UI fixes

  • Multiple tags in search results and on page lists now have a margin between them

• Newline characters (\r and \n) are now replaced with spaces in internal links (#186, thanks @SeanFromIT!)

• Inbuilt help documentation corrections (#185, thanks @SeanFromIT!)

• Fixed a warning message when a file fails to upload (thanks for the test file, @SeanFromIT)

• Really fix the dot problem from v0.20.3-hotfix3 that @SeanFromIT reported

• Make PEPPERMINT_THEME environment variable work again when compiling on the command line

• Fixed invalid HTML that was causing layout issues on the master settings page

Changed

• Improved the search indexing system performance - again
  • Another search index rebuild is required
• Optimisation: Don't generate the list of pages for the datalist if it isn't going to be displayed (especially noticeable on wikis with lots of pages)
• Optimisation: Don't load the statistics index if it's not needed (also esp. noticeable on wikis with lots of pages)
• Optimisation: Refactor stas_split() to be faster (informal testing shows ~18% faster → 4% total time)
• [Module Api] Optimisation: Remove search::transliterate because it has a huge overhead. Use search::$literator->transliterate() instead.
• [Module Api] Add new absolute and html optional boolean arguments to render_timestamp()
• [Module Api] search::extract_context() and search::highlight_context() now take in a parsed query (with search::stas_parse()), not a raw string

Known bugs

• Wow, a new section! Haven't seen one of these before. Hopefully we don't see it too often.....
• The didyoumean search query typo correction engine does not currently update it's index when you save an edit to a page (the typo correction engine is still under development).

Welcome, one and all! It's time for the very first beta release of Pepperminty Wiki v0.21! 🎉🎉🎉 In ~5 months and 14 days, 132 commits and 3 hotfixes(!) have been made to bring you v0.21 - with lots of new features to check out. This is another huge release. Check out the feature summary:

• 🔭 Watchlists: Get an email when a page is updated (assuming you have email setup in your PHP installation)
• 📱 Improved mobile support: There's still a ways to go, but it's much better than it was. Open an issue if you've got any suggestions for improvement, no matter how small
• 🎷 Autocomplete tags: Tags now autocomplete when editing pages
• 🐚 A command-line interface: Pepperminty Wiki now has a command-line interface, where you can do things like update the search index. Check out the docs for more info
• 🎥 Added markdown support to media captions: Fancy media captions are now at your fingertips! Just add markdown to the alt portion of the image tag (#184)

Lots of other gems can be found in the full changelog below, so take a look :D

A few things to note for admins:

• The CLI will never be required to do things. Its goal is to provide an alternative interface (particularly for larger wikis and those who want to automate stuff via shell scripting).
• A working PHP email setup is required for the watchlist to work
• A new button has been added to the nav_links_extra mega menu. You'll need to delete the nav_links_extra entry from your peppermint.json in order for this to show up.
• Search index performance has been improved. Again :D This requires regenerating the search index after updating.
• Email address verification: Enabled by default. Users will now need to verify their email addresses. An easy fix is to edit your profile re-enter your email address to receive the verification email

Wow, that's a lot! The full changelog can be found below as usual. Before I end this message though, I just want to ask:

Please help test this release.

I mean it. This release comes with a number of huge fundamental changes (large and small), some of which are incremental in a series across the last few releases. Particularly of note is the command-line interface - that required massive backend changes.

Help would be really appreciated to find issues before the big main stable release in about a week's time (unless issues are found). While hotfixes are fun, I'd prefer to keep them to a minimum :P

Even if you just want to share an "implementation report" (a short summary of your experience upgrading), I'd really appreciate the feedback :-)

--Starbeamrainbowlabs

Have you updated to this release? Click this link to say hi!

Updating

You can update to this release simply by grabbing an updated copy of index.php and replacing the version in your current wiki (don't forget to take backups! I make every effort to squash as many bugs as possible, but you can never be too certain). You can get an updated copy of index.php in a number of ways:

• By downloading the index.php file attached to this release
• Using the online downloader (always has the latest stable version)
• Using the online downloader offline
• Building your own from source

For more information on the last 2 methods, please see the documentation for more information.

Since v0.20.4-hotfix4

Added

• Watchlists! A new addition has been added to the more menu to add the current page to your personal watchlist
  • An email will be sent to all users watching a page when an edit is saved to it (uses the PHP mail() function internally, via the email_user() internal Pepperminty Wiki utility function)
• Email address verification
  • Enabled by default. In order to receive emails users now need to verify their email address
  • This is done via a verification email that's sent when you change your email address (even if your email address is the same when you change your preferences and you haven't yet verified it)
  • A new email_verify_addresses setting has been added to control the functionality
• Added dark theme to the downloader (will be updated at the next stable release)
• Added initial mobile theme support to the default theme
  • There's still a bunch of work to do in this department, but it's a bit of a challenge to do so without breaking desktop support
• Added autocomplete for tags when editing pages, powered by Awesomplete
  • The new editing_tags_autocomplete setting - enabled by default - toggles it, but why would you want to turn it off? :P
  • It should be reasonably accessible, judging from all the aria tags I'm seeing
  • Get in touch if you experience performance issues with fetching tag lists from your wiki
• A command-line interface!
  • Wiki administrators with terminal/console access can now make use of a brand-new CLI by executing php ./index.php (warning: strange things will happen if the current working directory is not the directory that contains index.php and peppermint.json)
• Added new anoncomments setting to control whether anonymous users are allowed to make comments (disabled by default) - thanks to @SeanFromIT for suggesting it in #181
• Added markdown support for media captions (#184)
• Finally: Experimental didyoumean support. Ever made a typo in a search query? The new didyoumean engine can correct query terms that are up to 2 characters out!
  • It's disabled by default (check out the new search_didyoumean_enabled setting), as it enabling it comes with a significant performance impact when typos are corrected (~0.8s-ish / typo is currently observed)
  • Uses the words in the search index as a base for corrections (so if you have a typo on a page, then it will correct it to the typo)
  • The index does not currently update when you edit a page - this feature is still very experimental (please report any issues)
  • A typo is a search query term that is both not a stop word and not found in the search index

Fixed

• Fixed weighted word support on search query analysis debug page
• Added missing apostrophes to stop words in search system. Regenerating your search index will now yield a slightly smaller index
• Fixed link loop when logging in for crawlers
• [security] Bugfix: Don't leak the PHP version in emails when expose_php is turned off
• Fixed handling of Unicode characters when emailing users - added new email_subject_utf8 and email_body_utf8 settings to control the new behaviour
• Add new email_debug_dontsend setting for debugging emails sent by Pepperminty Wiki
• Fixed pressing alt + enter to open a search in a new tab - it should no longer fail and briefly prompt to allow pop-ups
• Squashed a bug in the new upgraded get/set_array_simple search optimisation
• Updated Parsedown to squash warning in PHP 7.4+
• Trailing commas in the tags box will no longer result in empty tags being added to pages.
• Minor UI fixes
  • Multiple tags in search results and on page lists now have a margin between them
• Newline characters (\r and \n) are now replaced with spaces in internal links (#186, thanks @SeanFromIT!)
• Inbuilt help documentation corrections (#185, thanks @SeanFromIT!)
• Fixed a warning message when a file fails to upload (thanks for the test file, @SeanFromIT)
• Really fix the dot problem from v0.20.3-hotfix3 that @SeanFromIT reported

Changed

• Improved the search indexing system performance - again
  • Another search index rebuild is required
• Optimisation: Don't generate the list of pages for the datalist if it isn't going to be displayed (especially noticeable on wikis with lots of pages)
• Optimisation: Don't load the statistics index if it's not needed (also esp. noticeable on wikis with lots of pages)
• Optimisation: Refactor stas_split() to be faster (informal testing shows ~18% faster → 4% total time)
• [Module Api] Optimisation: Remove search::transliterate because it has a huge overhead. Use search::$literator->transliterate() instead.
• [Module Api] Add new absolute and html optional boolean arguments to render_timestamp()
• [Module Api] search::extract_context() and search::highlight_context() now take in a parsed query (with search::stas_parse()), not a raw string

Known bugs

• Wow, a new section! Haven't seen one of these before. Hopefully we don't see it too often.....
• The didyoumean search query typo correction engine does not currently update it's index when you save an edit to a page (the typo correction engine is still under development).

Hey look - another wild hotfix appeared! Thanks to @SeanFromIT, 2 nasty bugs have been squashed in this release.

When merging their PR I only realised that it was merging into the hotfix branch after I'd done it, so decided to make another hotfix release 🙂

Note that this is a maintenance release that backports some urgent bugfixes to v0.20. Current development efforts are focused on v0.21. The work-in-progress changelog for v0.21 can be found here.

Have you updated to this release? Click this link to say hi!

Updating

You can update to this release simply by grabbing an updated copy of index.php and replacing the version in your current wiki (don't forget to take backups! I make every effort to squash as many bugs as possible, but you can never be too certain). You can get an updated copy of index.php in a number of ways:

• By downloading the index.php file attached to this release
• Using the online downloader (always has the latest stable version)
• Using the online downloader offline
• Building your own from source

For more information on the last 2 methods, please see the documentation for more information.

v0.20.3-hotfix3

• Squash password-based warning (#182, thanks, @SeanFromIT!)
• Fix double-dot issue in uploaded files (#182, thanks, @SeanFromIT!)

Hey there! It's another hotfix release. Someone on Reddit noted that warnings were showing up in the demo, so this release fixes that. It's because I updated PHP to 7.4 on the server the demo runs on, and the version of Parsedown shipped with v0.20 doesn't like PHP 7.4 very much.

Again, as with v0.20.1-hotfix1, this is a maintenance release that backports some urgent bugfixes to v0.20. Current development efforts are focused on v0.21. The work-in-progress changelog for v0.21 can be found here.

Updating

You can update to this release simply by grabbing an updated copy of index.php and replacing the version in your current wiki (don't forget to take backups! I make every effort to squash as many bugs as possible, but you can never be too certain). You can get an updated copy of index.php in a number of ways:

• By downloading the index.php file attached to this release
• Using the online downloader (always has the latest stable version)
• Using the online downloader offline
• Building your own from source

For more information on the last 2 methods, please see the documentation for more information.

v0.20.2-hotfix2

• Update Parsedown to squash warnings in PHP 7.4
• Update the docs about how to get a copy

Hey there! This is the first hotfix of v0.20. @nivex discovered a nasty bug in the peppermint.josn access checker - which this release fixes. If the previous releases didn't work for you, try this one.

Note that this release does not include any of the changes that are scheduled for the v0.21 release. If you want those, you should build your own from master according to the docs (or get in touch - I'm happy to send you a prebuilt copy!).

Changes in v0.21 that will be coming at some point include watchlists, email verification, performance improvements for wikis with lots of pages, and more! If you're looking to help out with that, please do get in touch if you know of a good fuzzy hash implementation in PHP for nearest-neighbour search. I'd really appreciate it :P

Anyway, updating is as simple as updating your local index.php - grab your copy from this release, or any other documented method (e.g. the downloader).

Edit: Click here to say hi if you've downloaded this release :D

The full changelog for this release is as follows:

v0.20.1-hotfix1

• Fixed logic error in peppermint.json access checker (thanks, @nivex! #179)

It's that time again! 5 years to the day since I first started working on Pepperminty Wiki (!) 🎂 and 4 months, 19 days and 163 commits since v0.19 was released (discounting the 4 hotfix releases made to patch nasty bugs), today I'm releasing release of v0.20. This is a huge release - check out the feature summary:

• 🌜 New automatic dark mode in the default theme! Uses prefers-color-scheme under-the-hood
• 🌈 Added theme gallery! Read more here
• ⛵ Vastly improved search engine performance, with new advanced query syntax (with even more syntax along the way)
• 🚁 Accessibility improvements - if you're a screen-reader or accessibility tool user, I want to hear from you if you think anything (big or small!) could be improved!
• 🎈 Server-side diagramming support! Allows you to call external programs like nomnoml and render fenced code blocks as an image.

Personally, I'm most proud of the optimisations to the search engine. I've successfully tested it on wikis with ~5.9M words - and while search times vary depending on your input (the new -exclude syntax will actually speed up queries), a single work query for ~5.0M word wikis takes ~50ms O.o

Unfortunately, this does mean that the search index will need to be rebuilt under the new format - and will be slightly larger than before. To get a progress bar for this operation, go to the master settings and click the rebuild button.

Another notable change is the new 'mega-menu' style more menu:

That menu has been bothering me for a while, and thanks to the kind people on Reddit, I've now got a solution.

Note that you'll need to delete nav_links_extra from your peppermint.json in order for it to take effect.

Please test the theme gallery in particular. It's quite complicated under-the-hood, so I'd appreciate some extra eyes on that.

Special thanks to @SeanFromIT for reporting a number of bugs which have been squashed.

If you use Pepperminty Wiki, tweet me @SBRLabs! I'd love to hear about how you're using it.

Lastly, don't forget to take a backup of your wiki before updating. While I've made every effort to squash bugs, you can never be too careful :P

--Starbeamrainbowlabs

Updating

See the instructions here..

Since v0.20-beta1

• Add optional "say hi" button to first-run setup wizard
  • You don't have to click it, but it would be cool if you did :-)

Since v0.19.4-hotfix4

Added

• Added automatic dark mode to default theme using prefers-color-scheme
• [Module API] Added new minify_css module API function by refactoring the page renderer
• [Module API] Change page_renderer::is_css_url() to require an argument
• Added theme gallery, which can be accessed through a link in the master settings (if the new feature-theme-gallery module is present)
  • Theme gallery URLs can be added to the css_theme_autoupdate_url setting
  • A graphical interface can be used to switch between available themes from the galleries
  • No external HTTP requests will be made without consent
  • Themes from galleries auto-update every week by default (adjustable/disable-able with the css_theme_autoupdate_interval setting)
• Added mega-menu support to the nav_links_extra setting - the default value for the nav_links_extra setting has now changed (delete/rename it in your peppermint.json file to get the new version)
  • An object can now be used to define groups of items in the more menu
  • Hopefully it now looks less cluttered :P
• Headings now have an automatic id if you don't specify one (part of #141)
• Server-side diagramming support! See the parser_ext_renderers setting for more information on how to configure it
  • It hooks into external programs such as nomnoml, plantuml, and abcm2ps (ABC musical notation rendering)
  • It's generic enough to allow you to hook into any program that takes an input of some source text, and output some form of image

Fixed

• Fixed a bug in the search query performance metrics
• Fill out the statistics help text
• Added table of contents to help page
• Squashed the large blank space that appears at the bottom of the page editor page when editing long pages
• Accessibility improvements - thanks, Firefox developer tools :D (if you're a screen reader / accessibility tool user and have feedback or any better ideas, please get in touch)
  • Marked the user avatar on the top navigation bar as hidden for screen readers
  • Added aria label to user preferences button
  • Hide site logo from screen readers
• Lists of pages that have a specific tag will now be sorted alphabetically (Unicode characters should be handled correctly too)
• Support Unicode characters when sorting. If it's a list of something, then it's now sorted correctly (e.g. includes pages, tags, etc).
• Squashed a bunch of warnings about a non-static method in the page renderer
• Fixed a warning message in the peppermint.json access checker
• Fixed footnote rendering (thanks again, @SeanFromIT!)

Changed

• Made build.sh build script more robust, especially when generating the documentation.
• Vastly improved search engine performance
  • A new SQLite-based index format is now used, so search indexes will need to be rebuilt (migrating would probably take longer than a rebuild :-/)
• New search query syntax
• When making remote requests, Pepperminty Wiki will now correctly set the user agent string
  • The server's expose_php setting is respected - if it's disabled, then the PHP version will not be exposed.
  • Pepperminty Wiki shouldn't make remote requests without you asking it to - see above and the theme gallery
• Improved peppermint.json.compromised error message - if it's still unclear, please let me know
• Fiddled with the extra data extractor, as it seems that some people were experiencing strange issues with stream_get_meta_data()
• [Module API] Refactored the errorimage() function into core, added automatic image size calculation, and multi-line support

Since v0.19.0

• Fixed page revision id incrementing if you don't have a page called history on your wiki (thanks @SeanFromIT!)
• Improve error messages in the extra data unpacker
• Change the extra data unpacker to us tempnam() instead of tmpfile(), since some people appeared to be having issues with the other approach
• Squash a deprecation warning caused by a typo (thanks, @SeanFromIT!)
• Patched another crazy bug in the extra data system in the downloader
• Patched the downloader which was throwing warnings when packing downloads

It's that time again! 4 months, 14 days and 157 commits since v0.19 was released (discounting the 4 hotfix releases made to patch nasty bugs), today I'm releasing the first beta release of v0.20. This is a huge release - check out the feature summary:

• 🌜 New automatic dark mode in the default theme! Uses prefers-color-scheme under-the-hood
• 🌈 Added theme gallery! Read more here
• ⛵ Vastly improved search engine performance, with new advanced query syntax (with even more syntax along the way)
• 🚁 Accessibility improvements - if you're a screen-reader or accessibility tool user, I want to hear from you if you think anything (big or small!) could be improved!
• 🎈 Server-side diagramming support! Allows you to call external programs like nomnoml and render fenced code blocks as an image.

Personally, I'm most proud of the optimisations to the search engine. I've successfully tested it on wikis with ~5.9M words - and while search times vary depending on your input (the new -exclude syntax will actually speed up queries), a single work query for ~5.0M word wikis takes ~50ms O.o

Unfortunately, this does mean that the search index will need to be rebuilt under the new format - and will be slightly larger than before. To get a progress bar for this operation, go to the master settings and click the rebuild button.

Another notable change is the new 'mega-menu' style more menu:

That menu has been bothering me for a while, and thanks to the kind people on Reddit, I've now got a solution.

Note that you'll need to delete nav_links_extra from your peppermint.json in order for it to take effect.

Please test the theme gallery in particular. It's quite complicated under-the-hood, so I'd appreciate some extra eyes on that before I do a stable release.

Special thanks to @SeanFromIT for reporting a number of bugs which have been squashed.

If you use Pepperminty Wiki, tweet me @SBRLabs! I'd love to hear about how you're using it.

Lastly, don't forget to take a backup of your wiki before updating. While I've made every effort to squash bugs, you can never be too careful :P

--Starbeamrainbowlabs

Updating

See the instructions here.

Note that because this is a beta release, the online downloader hasn't been updated yet (that'll happen on the next stable release). Try the copy attached to this release instead, run the downloader locally, or build your own using the CLI.

Since v0.19.4-hotfix4

Added

• Added automatic dark mode to default theme using prefers-color-scheme
• [Module API] Added new minify_css module API function by refactoring the page renderer
• [Module API] Change page_renderer::is_css_url() to require an argument
• Added theme gallery, which can be accessed through a link in the master settings (if the new feature-theme-gallery module is present)
  • Theme gallery URLs can be added to the css_theme_autoupdate_url setting
  • A graphical interface can be used to switch between available themes from the galleries
  • No external HTTP requests will be made without consent
  • Themes from galleries auto-update every week by default (adjustable/disable-able with the css_theme_autoupdate_interval setting)
• Added mega-menu support to the nav_links_extra setting - the default value for the nav_links_extra setting has now changed (delete/rename it in your peppermint.json file to get the new version)
  • An object can now be used to define groups of items in the more menu
  • Hopefully it now looks less cluttered :P
• Headings now have an automatic id if you don't specify one (part of #141)
• Server-side diagramming support! See the parser_ext_renderers setting for more information on how to configure it
  • It hooks into external programs such as nomnoml, plantuml, and abcm2ps (ABC musical notation rendering)
  • It's generic enough to allow you to hook into any program that takes an input of some source text, and output some form of image

Fixed

• Fixed a bug in the search query performance metrics
• Fill out the statistics help text
• Added table of contents to help page
• Squashed the large blank space that appears at the bottom of the page editor page when editing long pages
• Accessibility improvements - thanks, Firefox developer tools :D (if you're a screen reader / accessibility tool user and have feedback or any better ideas, please get in touch)
  • Marked the user avatar on the top navigation bar as hidden for screen readers
  • Added aria label to user preferences button
  • Hide site logo from screen readers
• Lists of pages that have a specific tag will now be sorted alphabetically (Unicode characters should be handled correctly too)
• Support Unicode characters when sorting. If it's a list of something, then it's now sorted correctly (e.g. includes pages, tags, etc).
• Squashed a bunch of warnings about a non-static method in the page renderer
• Fixed a warning message in the peppermint.json access checker
• Fixed footnote rendering (thanks again, @SeanFromIT!)

Changed

• Made build.sh build script more robust, especially when generating the documentation.
• Vastly improved search engine performance
  • A new SQLite-based index format is now used, so search indexes will need to be rebuilt (migrating would probably take longer than a rebuild :-/)
• New search query syntax
• When making remote requests, Pepperminty Wiki will now correctly set the user agent string
  • The server's expose_php setting is respected - if it's disabled, then the PHP version will not be exposed.
  • Pepperminty Wiki shouldn't make remote requests without you asking it to - see above and the theme gallery
• Improved peppermint.json.compromised error message - if it's still unclear, please let me know
• Fiddled with the extra data extractor, as it seems that some people were experiencing strange issues with stream_get_meta_data()
• [Module API] Refactored the errorimage() function into core, added automatic image size calculation, and multi-line support

Since v0.19.0

• Fixed page revision id incrementing if you don't have a page called history on your wiki (thanks @SeanFromIT!)
• Improve error messages in the extra data unpacker
• Change the extra data unpacker to us tempnam() instead of tmpfile(), since some people appeared to be having issues with the other approach
• Squash a deprecation warning caused by a typo (thanks, @SeanFromIT!)
• Patched another crazy bug in the extra data system in the downloader
• Patched the downloader which was throwing warnings when packing downloads

Another hotfix release, brought to you by the excellent @SeanFromIT.

This one fixes a nasty bug in the page revision history that has the potential to cause a number of unfortunate issues.

Since v0.19.3-hotfix3

• Fixed page revision id incrementing if you don't have a page called history on your wiki (thanks @SeanFromIT!)

Another hotfix! This time it's (mainly) due to a nasty typo found by the excellent @SeanFromIT - but there are more improvements to the unpacker too, as some people were still experiencing issues with it.

Since v0.19.2-hotfix2

• Improve error messages in the extra data unpacker
• Change the extra data unpacker to us tempnam() instead of tmpfile(), since some people appeared to be having issues with the other approach
• Squash a deprecation warning caused by a typo (thanks, @SeanFromIT!)

Another crazy bug just popped up because of the last hotfix..... so I'm fixing it in a second hotfix.

If your wiki is running fine on v0.19.0, then you don't need to download this hotfix.

v0.19.2-hotfix2

• Patched another crazy bug in the extra data system in the downloader

Oops! Looks like there was a bug in the downloader. This release is a small hotfix that squashes it.

While additional features and less critical bug fixes have been implemented and made for v0.20 on the master branch, this release does not contain those - instead it's a small hotfix containing just the one bug fix that's backported from master.

Since v0.19

• Patched the downloader which was throwing warnings when packing downloads

The update that changed the world! Turn everything upside-down.

v0.19 is here! Even though it might not feel like it, this update is a big one, and it changes a number of fundamental internals about the way that Pepperminty Wiki is packaged - which should lead to exciting new features down the line!

Notable Changes

• 🏭 Completed refactored the build system. Now an internet connection is not required for the initial setup on first page load!
• 💎 Splinter the Pepperminty Wiki core into shards to make it more maintainable
• 🧙 Added a new first-run wizard that appears when you first setup a brand-new wiki to help new users get up and running quickly.
• 🔍 Added PDF file preview & a download button for unsupported files
• 📦 Minify the page index by default.
• 🔊 Default to allowing upload of .ogg and .flac files
• 📄 Update Parsedown, the default markdown parser, and use the new untrusted feature to secure the rendering of comments

Full Changelog

Since v0.19-beta2

(No changes have been made since the last beta release.)

Since v0.19-beta1

Changed

• Updated the theme of the new documentation
• Revised the writing modules section of the documentation

Since v0.18

Fixed

• Fixed double-escaping of rendered HTML when nesting templates
• Squashed a warning if the search index doesn't exist yet
• Fixed a crash in the stats updater if no pages in the system have tags yet
• Consolidated email and emailAddress fields into the latter in the user table (#167)
• Fixed a crash when trying to access the user table when not logged in as an administrator.
• Fixed help text for the file upload module
• Squashed a warning when uploading a file

Added

• [Module API] Added new extra data system. See parser-parsedown and page-edit for an example.
  • Extra data is packed into a zip archive, which is packed into index.php via __halt_compiler();
  • See the parser-parsedown and page-edit modules for examples on how to use it.
• [Module API] Added new delete_recursive() function.
• Added a new obvious link to the user table at the top of the master settings page.
• Added a new first-run wizard to help new users set up the basics of their wiki.
  • It also checks to ensure that access to peppermint.json is blocked correctly (coming soon as a one-time check to pre-existing wikis)
  • Pre-existing wikis will not see this first-run wizard - a new firstrun_complete setting has been added that's automatically set to true if Pepperminty Wiki does a settings upgrade
• Default to allowing lossless flac and ogg audio files to be uploaded
• Added new minify_pageindex setting, which defaults to true and causes the page index to be minified when saved. Improves performance slightly (especially on larger wikis as the page index grows), but makes debugging and ninja-edits more awkward.
• [Module API] Added new save_pageindex() function which respects the above setting.
• Added PDF preview using your browser's default PDF viewer!
• Added download button for unsupported file types

Changed

• Core sharding: split core.php into multiple files
• Big update to the backend Markdown parser Parsedown
  • Use Parsedown's new untrusted feature for comments
  • Added new all_untrusted setting to allow treating everything as untrusted (default: false) - turn it on if your wiki allows anonymous edits
• Switch to nightdocs instead of docpress - the new docs are available here!
• Add moar badges to the README & docs :D

Removed

Not often I have a removed section!

• [Module API] Remove remote file system in favour of the new extra data system. No more first-run downloads! They are all done at compile-time now.