make password reset token completely random

No need for HMAC here because there's no length attack vector here. We
only care for the existance of the file and each reset request is
completely (rando

make password reset token completely random

No need for HMAC here because there's no length attack vector here. We
only care for the existance of the file and each reset request is
completely (random) independent from each other.

show more ...

use HMAC in password reset token FS#2794

fixed wrong use of quotes in authtype warning message

Fix wrong config key in deprecated auth message

restrict 'authtype deprecated' alert to superusers only

backward compatibility for old authtype settings

Fix remaining missing $INPUT uses FS#2577

This adds $INPUT in all places where it was still missing and available.
$INPUT is now also used in places where using $_REQUEST/... was okay in
order to ma

Fix remaining missing $INPUT uses FS#2577

This adds $INPUT in all places where it was still missing and available.
$INPUT is now also used in places where using $_REQUEST/... was okay in
order to make the code consistent.

show more ...

Fix handling of failed authentication loading

In the case of a failed authentication initialization, the
authentication setup was simply continued with an unset $auth object.
This restores the previ

Fix handling of failed authentication loading

In the case of a failed authentication initialization, the
authentication setup was simply continued with an unset $auth object.
This restores the previous behavior (before merging #141) of simply
returning after unsetting $auth. Furthermore this re-introduces the
check if $auth is set before checking $auth and removes a useless
check if $auth is true (could never be false).

show more ...

fixed auth_browseruid on IE9

IE9 send different HTTP_ACCEPT_LANGUAGE header on ajax request. This causes different results from auth_browseruid. This patch removes the HTTP_ACCEPT_LANGUAGE from the

fixed auth_browseruid on IE9

IE9 send different HTTP_ACCEPT_LANGUAGE header on ajax request. This causes different results from auth_browseruid. This patch removes the HTTP_ACCEPT_LANGUAGE from the browser id calculation.

show more ...

introduced http_status() for sending HTTP status code FS#1698

It seems, some servers require a special Status: header for sending the
HTTP status code from PHP (F)CGI to the server. This patch intro

introduced http_status() for sending HTTP status code FS#1698

It seems, some servers require a special Status: header for sending the
HTTP status code from PHP (F)CGI to the server. This patch introduces a
new function (adopted from CodeIgniter) for simplifying the status
handling.

show more ...

Merge branch 'master' into future

* master: (162 commits)
fixed revision JS for images
upgraded SimplePie to 1.3.1 FS#2708
removed obsolete browser plugin (migrate does it)
adjust spacing to

Merge branch 'master' into future

* master: (162 commits)
fixed revision JS for images
upgraded SimplePie to 1.3.1 FS#2708
removed obsolete browser plugin (migrate does it)
adjust spacing to match standard 1.4em grid
added comment on use of whitelist vs blacklist
Updated idfilter() function for IIS
use var and remove suggestions when needed Use variable for maximum number of suggestions for quicksearch. And hide suggestions when search field is emptied, or when no suggestion are found.
added 'home' class to first link in hierarchical breadcrumbs
reduced required max width to go into tablet mode
re-added linear gradients for firefox
added missing styling for disabled form elements (FS#2705)
fixed acronyms in italics (FS#2684)
improved print styles (includes fixes for FS#2645 and FS#2707)
basic styles improvements
Greek language update
Use list in acl help text, for more structure
Galician language update
touch the config on save, even if no changes were made
unwind the width narrowing commit
put some whitespace between form submit button and fieldset bottom border
...

Conflicts:
lib/plugins/config/admin.php
lib/plugins/config/settings/config.class.php

show more ...

Merge branch 'subscription' Pull Request #125

* subscription: (25 commits)
link directly to subscription management in mails
only use mailfromnobody for bulk mails
added missing context for li

Merge branch 'subscription' Pull Request #125

* subscription: (25 commits)
link directly to subscription management in mails
only use mailfromnobody for bulk mails
added missing context for list mails
readded mailfromnobody to subscription sending
correctly escape diffs in HTML mails
fixed lists in HTML mails
simplified subscription->add() code a bit
comment adjusted
removed unused vars
removed data parameter in subscription_handle_post()
fixed tests
some reformatting
added compatibility function
moved registration notification to subscription class
fixed merge error in inc/auth.php
consolidate more notification code in subscription class
minor cleanup
initialize new subscriptions with current time
fixed subscription management
correctly check if subscriptions are enabled
...

show more ...

Made auth_aclcheck always return int

The returned type is important in particular when we deal with xmlrpc. Indeed,
this value is directly returned to the client eg when the wiki.getAllPages method

Made auth_aclcheck always return int

The returned type is important in particular when we deal with xmlrpc. Indeed,
this value is directly returned to the client eg when the wiki.getAllPages method
is queried.

Currently the 'perms' attribute may be either an int or a string, and its up to
the xmlrpc client to resolve it (although Dokuwiki's documentation only tells it
can be an int).

This patch makes sure we'll always return perms as int.

show more ...

moved registration notification to subscription class

fixed merge error in inc/auth.php

merged the wrong change here

Merge branch 'master' into subscription

* master: (175 commits)
some coding style improvements
added .idea project folder to gitignore
use correct setUp method and parent calls.
Correct Germ

Merge branch 'master' into subscription

* master: (175 commits)
some coding style improvements
added .idea project folder to gitignore
use correct setUp method and parent calls.
Correct German plugin manager translation (download != install)
correct return in sendDigest()
Fix case-insensitive match in ACL checking
GeSHi update to 1.0.8.11
ignore empty header on mail sending
remove empty BCC/CC mail headers
Galician language update
some welcome page changes
Combine subsequent calls to strtr into a single transformation
changed semicolon to colon in link to welcome page to make it less confusing
fixed wrong sidebar showing in namespaces when sidebar is disabled
Typo fix for TL;DR
removed a bunch of outdated and irrelevant networking acronyms
added another place to look for logo to make it more consistent (FS#2656)
French language update
Czech language update
compat js findPosX/y more closely mimic historical function
...

Conflicts:
inc/auth.php
inc/common.php
inc/subscription.php
lib/exe/indexer.php

show more ...

Fix case-insensitive match in ACL checking

ACL checking of DokuWiki is currently always case-sensitive
regardless of auth backend setting ($auth->isCaseSensitive).
This commit enables case-insensiti

Fix case-insensitive match in ACL checking

ACL checking of DokuWiki is currently always case-sensitive
regardless of auth backend setting ($auth->isCaseSensitive).
This commit enables case-insensitive match in the same way
of auth_isMember().

show more ...

Merge branch 'master' into future

* master: (45 commits)
TarLib code cleanup
TarLib: fixed appending in non-dynamic mode
fixed third method of adding files in TarLib
fix lone zero block in T

Merge branch 'master' into future

* master: (45 commits)
TarLib code cleanup
TarLib: fixed appending in non-dynamic mode
fixed third method of adding files in TarLib
fix lone zero block in TarLib created archives
fix use of constructor in TarLib
Slovak language update
Korean language update
Latvian language update
removed redundant variables in tpl_include_page() (because of 3ff8773b)
added cut off points for mobile devices as parameters to style.ini
Corrected typo: ruke -> rule
Persian language update
Spanish language update
russian language update
Kazach language update
correctly check hash parameter in media dispatcher FS#2648
avoid broken browser_uid on IE
Removed acronyms for "Perl" and "PERL" as Perl is not an acronym. See http://learn.perl.org/faq/perlfaq1.html#Whats-the-difference-between-perl-and-Perl-
Made striplangs.php executable
release preparations
...

show more ...

avoid broken browser_uid on IE

Internet Explorer 8 (and maybe others) seem to use different
capitalization in the ACCEPT_CHARSET header between "normal" requests
and AJAX requests. This causes a bro

avoid broken browser_uid on IE

Internet Explorer 8 (and maybe others) seem to use different
capitalization in the ACCEPT_CHARSET header between "normal" requests
and AJAX requests. This causes a browser UID mismatch and thus an
unecessary reauthentication.

show more ...

changed default auth to authplain

We need to decide how to handle the renaming of the auth classes. Should
this be done automatically somehow? Or is an admin expected to fix this
manually when updat

changed default auth to authplain

We need to decide how to handle the renaming of the auth classes. Should
this be done automatically somehow? Or is an admin expected to fix this
manually when updating?

show more ...

Merge remote-tracking branch 'janschumann/master' into future

This merge fixes all conflicts but is otherwise untested and might break
funktionality in the auth system somewhere. It NEEDS MAJOR TEST

Merge remote-tracking branch 'janschumann/master' into future

This merge fixes all conflicts but is otherwise untested and might break
funktionality in the auth system somewhere. It NEEDS MAJOR TESTING!

Some refactoring of the auth plugins is still needed:

* move to PHP5 style
* fix comments
* add plugin.info.txt

* janschumann/master:
Refactored auth system: All auth methods are now introduced as plugins.
Bugfix: auth types are now correcty added
Setup auth system from plugins
Added Auth-Plugin-Prototype to autoload
Load auth types from plugins in settings_authtype class
Added prototype for Auth-Plugins
added plugin type 'auth'

Conflicts:
inc/auth.php
inc/auth/pgsql.class.php
inc/init.php
inc/load.php
lib/plugins/auth.php
lib/plugins/authad/auth.php
lib/plugins/authldap/auth.php
lib/plugins/authmysql/auth.php
lib/plugins/authplain/auth.php

show more ...

consolidate more notification code in subscription class

This is untested and probably broken currently

Prevent access to undefined $auth variable

more $INPUT use FS#2577

fixed ACL loading after the recent changes/messup