Indexer: signal nothing-to-do via boolean return instead of void

The TaskRunner runs indexing, sitemap, digest and changelog-trim tasks
in sequence and relies on each task returning false when it di

Indexer: signal nothing-to-do via boolean return instead of void

The TaskRunner runs indexing, sitemap, digest and changelog-trim tasks
in sequence and relies on each task returning false when it did no work
so the next one is tried. The indexer rewrite changed addPage(),
deletePage() and renamePage() to return void and only abort via
exceptions, breaking that contract: indexing always looked like work was
done and the following tasks never ran.

Restore the boolean return on these three methods (true when work was
done, false when there was nothing to do) while still using exceptions
to signal errors, and propagate it through TaskRunner::runIndexer().
runIndexer() also no longer forces reindexing on every call.

The legacy compatibility layer is adjusted to match: LegacyIndexer and
idx_addPage() forward the boolean, mapping SearchExceptions back to the
historic error-message/false returns. LegacyIndexer::renamePage()
restores the 'page is not in index' message that the move plugin expects.

Closes #4661

show more ...

Indexer: treat same-second save and index as up to date

needsIndexing() compared the .indexed tag mtime against the page mtime
with <=, so a page that was saved and indexed within the same second wa

Indexer: treat same-second save and index as up to date

needsIndexing() compared the .indexed tag mtime against the page mtime
with <=, so a page that was saved and indexed within the same second was
always reported as still needing indexing. Require the page to be
strictly newer than the index tag instead, so an equal mtime correctly
counts as up to date.

show more ...

fix(indexer): explicitly handle renames

In an attempt to simplify the index handling, the newly refactored
indexer implemented a rename as delete+add sequence.

This had unintended consequences for

fix(indexer): explicitly handle renames

In an attempt to simplify the index handling, the newly refactored
indexer implemented a rename as delete+add sequence.

This had unintended consequences for the move plugin which may move
several pages at once, requiring a working index even while some pages
have already been moved while others still remain at their old location.

Related to #4646

show more ...

�� Rector and PHPCS fixes

Translation update (sk)

chore: adjust overlong line

fix(auth): scope media ACL checks to the namespace

Media files have no per-file ACLs; permissions must be evaluated against
the namespace they live in. Several call sites passed the raw media ID
to

fix(auth): scope media ACL checks to the namespace

Media files have no per-file ACLs; permissions must be evaluated against
the namespace they live in. Several call sites passed the raw media ID
to auth_quickaclcheck(), so a page-intended exact-ID rule (e.g. on
wiki:secret.png) could silently apply to a media file sharing that ID.

Introduce mediaAclPath() that builds the correct namespace wildcard
path (handling root-namespace media) and route all media-related ACL
checks through it. Also normalize the lone `:X` sentinel variant in
fetch.functions.php to the standard `:*` form.

fixes: #4647

show more ...

refactor(search): extract LegacyIndexer wrapper for BC contract

Move the deprecated helpers (lookupKey, addMetaKeys, renameMetaValue,
getPID, lookup) off Indexer and into a new LegacyIndexer wrapper

refactor(search): extract LegacyIndexer wrapper for BC contract

Move the deprecated helpers (lookupKey, addMetaKeys, renameMetaValue,
getPID, lookup) off Indexer and into a new LegacyIndexer wrapper. The
wrapper also restores the Doku_Indexer return contract (true|string)
around addPage/deletePage/renamePage/clear so plugins using the legacy
API keep working without try/catch.

idx_get_indexer() now returns the LegacyIndexer; getPages stays on
Indexer because plugins call it directly on Indexer instances.

fixes #4645

show more ...

Translation update (ro)

fix(infoutils): fix synology os-release file parsing

Only remove comments at the start of the line. Should be enough to make
the file parsable enough for what we need.

Fixes #4572

remove valid_input_set(), inline the only remaining callers

The Input::valid() method on $INPUT already provides the cleaner API
originally requested in #667. The last two callers in Subscribe.php
v

remove valid_input_set(), inline the only remaining callers

The Input::valid() method on $INPUT already provides the cleaner API
originally requested in #667. The last two callers in Subscribe.php
validated against a local $params array (not $_POST/$_GET) and need
to throw a specific exception, so inline a small in_array + throw at
those call sites rather than carry the legacy helper.

The class could probably be made cleaner but that's beyond the scope of
this change.

Closes #667

show more ...

Fix syntax plugin rendering

Reverse the order in which core modes and plugin modes are handled by the \dokuwiki\Parsing\Handler.
Otherwise only the handle() method of the plugin is called, which is

Fix syntax plugin rendering

Reverse the order in which core modes and plugin modes are handled by the \dokuwiki\Parsing\Handler.
Otherwise only the handle() method of the plugin is called, which is fine for core modes. Syntax plugins need to go through plugin() to actually add their own calls.

show more ...

Delete inc/Search/concept.txt

The contents have been added to the wiki

fix(mail): keep '&' intact in mailto links with multiple query params

Move the email-handling helpers (obfuscate, mail_isvalid,
mail_quotedprintable_encode, mail_setup) out of the procedural
inc/mai

fix(mail): keep '&' intact in mailto links with multiple query params

Move the email-handling helpers (obfuscate, mail_isvalid,
mail_quotedprintable_encode, mail_setup) out of the procedural
inc/mail.php into a namespaced dokuwiki\MailUtils class plus a new
Mailer::configInit(), and add a separate MailUtils::obfuscateUrl() for
the mailto-href context.

The xhtml renderer and PluginTrait now build the link label and the
href separately: the address half is run through the mailguard
obfuscation, the query string is preserved verbatim with only HTML
escaping applied. This fixes #1690 — in 'visible' mode the previous
code rawurlencoded the entire address+query, turning '?' into '%3F' and
breaking multi-parameter mailto links; in all modes the query string is
no longer mangled by the [at]/[dot] substitution.

Core call sites (Mailer, auth, LegacyApiCore, common, the xhtml
renderer, the parser, the bundled config/styling/usermanager plugins)
are migrated to MailUtils directly. The old top-level functions and
PREG_PATTERN_VALID_EMAIL constant remain as deprecated shims with
rector mappings.

Tests for obfuscate / mail_isvalid / mail_quotedprintable_encode are
consolidated into a single _test/tests/MailUtilsTest.php and extended
with regression coverage for the multi-parameter, double-escape and
URL-shape cases.

Closes #1690
Replaces #1964

show more ...

�� Rector and PHPCS fixes

keep historic typo in value but not in constant

We need to keep the historic typo in the value ("substition"), but there
is no reason to keep it in the constant.

SearchIndex: fix comment position

single line comment moved to the wrong line on reformatting

�� Rector and PHPCS fixes

Translation update (tr)

Translation update (fr)

refactor(changelog): persist external-edit detection on first read

This addresses the flaky test that makes tests randomly fail (mostly on
windows runners).

The flake in common_saveWikiText_test::t

refactor(changelog): persist external-edit detection on first read

This addresses the flaky test that makes tests randomly fail (mostly on
windows runners).

The flake in common_saveWikiText_test::test_savesequence5 came from
this line in ChangeLog::getCurrentRevisionInfo():

'date' => max($lastRev + 1, time() - 1)

The synthesized "external delete" entry was kept in memory only and
only persisted later, when saveWikiText next called detectExternalEdit.
That meant the formula was evaluated twice on different ChangeLog
instances — once during the test's inspection, and again during the
following saveWikiText — and the two evaluations could pick different
seconds depending on how long the surrounding I/O took. The test
cached the first result in $expectExternal and asserted it against the
on-disk entry written during the second call. On the slower Windows
runner the second call sometimes crossed a second boundary, producing
the off-by-one date mismatch.

The questions I had was, why are we persisting external file deletions
(or edits) only when a page is saved when we are obviously already
detecting it earlier during the changelog read already?

Instead of recording the external delete at the time a new page is
written, it makes sense to record it as soon as we detect it (when the
changelog is requested by a user or a bot). This will make the recoded
timestamp closer to the actual deletion.

This patch refactors the changelog accordingly, but still tries to be
minimal invasive (I think the changelog handling would need much more
refactoring, but that's beyond the scope of this change).

To enable proper locking (when logging an external edit and copying
the attic file), locking had to be moved to the Changelog class,
duplicating some code of io_saveFile.

PageFile::detectExternalEdit() and the deprecated procedural wrapper
detectExternalEdit() in inc/common.php are removed. A codesearch.dokuwiki.org
check confirmed no plugin calls the method directly; the only external
caller of the procedural function is the farmsync plugin, which needs
a parallel update.

show more ...

fix(infoutils): escape git log arguments for Windows compatibility

Single quotes are not shell quoting on Windows cmd, causing git to
parse '%cd' as an ambiguous revision and emit a fatal error to s

fix(infoutils): escape git log arguments for Windows compatibility

Single quotes are not shell quoting on Windows cmd, causing git to
parse '%cd' as an ambiguous revision and emit a fatal error to stderr.
Pass each argument through escapeshellarg() so quoting works on both
Unix and Windows.

show more ...

fix(preview): remove deprecated X-XSS-Protection header

The header was added in 2015 to work around Chrome's XSS Auditor
false-positives on preview pages (issue #1182). Chrome removed the
auditor in

fix(preview): remove deprecated X-XSS-Protection header

The header was added in 2015 to work around Chrome's XSS Auditor
false-positives on preview pages (issue #1182). Chrome removed the
auditor in version 78 (2019); no other browser ever shipped it. The
header is non-standard, deprecated, and a no-op today.

Fixes #4578

show more ...

fix EXIF-rotated images shown cropped in previews, closes #4482

JPEGs with EXIF orientation 5/6/7/8 were rendered cropped in the
mediamanager detail view, the image diff view and the fullscreen
deta

fix EXIF-rotated images shown cropped in previews, closes #4482

JPEGs with EXIF orientation 5/6/7/8 were rendered cropped in the
mediamanager detail view, the image diff view and the fullscreen
detail page: getimagesize() / JpegMeta report raw (rotation-unaware)
pixel dimensions, and passing both w and h to fetch.php defaults to
center-crop.

- Bump splitbrain/slika to 1.1, which ships ImageInfo: a rotation-
aware, metadata-only dimension simulator mirroring Adapter's
fluent API (autorotate/resize/crop).
- Add fit=1 to fetch.php: when both w and h are given, route to
media_resize_image() (bbox fit) instead of media_crop_image().
Token hashes only (id, w, h) so existing tokens stay valid.
- Add MediaFile::getDisplayDimensions($w, $h, $crop) which delegates
to ImageInfo and returns the dims fetch.php would produce.
- Add Display::getDetailHtml() and retire media_preview() / the old
media_image_preview_size() helper. media_tab_view and MediaDiff
now share the Display-based renderer.
- Rewrite tpl_img() (lib/tpl/*/detail.php) to use MediaFile dims +
fit=1 URL; drops the manual ratio math.
- Tests: MediaFileTest covers the dims math, DisplayTest covers the
detail-view HTML (rotated dims, rev-vs-timestamp URL selection,
structure), fetch_imagetoken gains a fit-token compat test.
Fixture _test/data/media/wiki/exif-orient-6.jpg: 20x30 JPEG with
EXIF orientation 6.

show more ...

subscriptions: include diff link in plain-text list mails too

Fixes the docblock of lastRevBefore() and extends the diff link added to
the HTML list mail to the plain-text variant as well, so both f

subscriptions: include diff link in plain-text list mails too

Fixes the docblock of lastRevBefore() and extends the diff link added to
the HTML list mail to the plain-text variant as well, so both formats
stay in sync.

show more ...