Merge pull request #4633 from dokuwiki/issue-1690

fix(mail): keep '&' intact in mailto links with multiple query params

fix(auth): scope media ACL checks to the namespace

Media files have no per-file ACLs; permissions must be evaluated against
the namespace they live in. Several call sites passed the raw media ID
to

fix(auth): scope media ACL checks to the namespace

Media files have no per-file ACLs; permissions must be evaluated against
the namespace they live in. Several call sites passed the raw media ID
to auth_quickaclcheck(), so a page-intended exact-ID rule (e.g. on
wiki:secret.png) could silently apply to a media file sharing that ID.

Introduce mediaAclPath() that builds the correct namespace wildcard
path (handling root-namespace media) and route all media-related ACL
checks through it. Also normalize the lone `:X` sentinel variant in
fetch.functions.php to the standard `:*` form.

fixes: #4647

show more ...

fix(mail): keep '&' intact in mailto links with multiple query params

Move the email-handling helpers (obfuscate, mail_isvalid,
mail_quotedprintable_encode, mail_setup) out of the procedural
inc/mai

fix(mail): keep '&' intact in mailto links with multiple query params

Move the email-handling helpers (obfuscate, mail_isvalid,
mail_quotedprintable_encode, mail_setup) out of the procedural
inc/mail.php into a namespaced dokuwiki\MailUtils class plus a new
Mailer::configInit(), and add a separate MailUtils::obfuscateUrl() for
the mailto-href context.

The xhtml renderer and PluginTrait now build the link label and the
href separately: the address half is run through the mailguard
obfuscation, the query string is preserved verbatim with only HTML
escaping applied. This fixes #1690 — in 'visible' mode the previous
code rawurlencoded the entire address+query, turning '?' into '%3F' and
breaking multi-parameter mailto links; in all modes the query string is
no longer mangled by the [at]/[dot] substitution.

Core call sites (Mailer, auth, LegacyApiCore, common, the xhtml
renderer, the parser, the bundled config/styling/usermanager plugins)
are migrated to MailUtils directly. The old top-level functions and
PREG_PATTERN_VALID_EMAIL constant remain as deprecated shims with
rector mappings.

Tests for obfuscate / mail_isvalid / mail_quotedprintable_encode are
consolidated into a single _test/tests/MailUtilsTest.php and extended
with regression coverage for the multi-parameter, double-escape and
URL-shape cases.

Closes #1690
Replaces #1964

show more ...

updated rector and applied it

fix legacy XMLRPC call dokuwiki.appendPage #4418

API: legacy compatibility fix

wiki.getAllPages and dokuwiki.getPagelist differed in how the last
modification timestamp was communicated.

This should fix splitbrain/dokuwiki-plugin-sync#70

LegacyAPI: fix return types on missing pages

API: fix media handling in legacy API

API: add backward compatibility to API Version 11

This adds legacy support for the old API calls. This is mostly untested
but should work. Returns might not be 100% compatible in all cases but I
did

API: add backward compatibility to API Version 11

This adds legacy support for the old API calls. This is mostly untested
but should work. Returns might not be 100% compatible in all cases but I
did my best to return the same things as before.

This will be removed in the future of course and is just to not
completely break any API usage immeadiately.

show more ...