Merge branch 'master' of github.com:dom-mel/dokuwiki

Replaced mail_send calls with new Mailer class

Use mailprefix also for registration and resend password notification mails (FS#2366)

honor autopasswd setting for resend password

When autopasswd is disabled, the resend password option now asks for a
new password instead of autogenerating a new one and sending it by mail.

Note to

honor autopasswd setting for resend password

When autopasswd is disabled, the resend password option now asks for a
new password instead of autogenerating a new one and sending it by mail.

Note to translators: the wording for btn_resendpwd and resendpwd changed
to be more universal. English and German language files where updated -
other languages need to be adjusted.

Conflicts:

inc/lang/en/lang.php

show more ...

use correct phpdoc @return tag.

Merge pull request #19 from gbirke/master

Make cookie path configurable

stay logged in when updating your password

This functionality broke in recent updates to the cookie handling. This
patch makes it work again.
Binding to the session is now a functionality of auth_co

stay logged in when updating your password

This functionality broke in recent updates to the cookie handling. This
patch makes it work again.
Binding to the session is now a functionality of auth_cookiesalt()

show more ...

bind non-sticky logins to the session id FS#2202

store session pass as hash

This avoids having the blowfish encrypted pass stored together with the
decryption key on the same server.

improved actionOK and its use

refactored passowrd hashing functions to a class

this splits the long auth_cryptPassword() function into many member
functions of a new class PassHash which should make it more
maintainable and reus

refactored passowrd hashing functions to a class

this splits the long auth_cryptPassword() function into many member
functions of a new class PassHash which should make it more
maintainable and reusable for other projects.

This also adds two new methods djangomd5 and djangosha1 as used by the
popular python framework Django.

Maybe the auth_cryptPassword() and auth_verifyPassword() functions
should be deprecated in favor of using the class directly?

show more ...

Handle renamed authorization variables

Sometimes (when using rewriting with the workaround for CGI mode
described at
http://www.besthostratings.com/articles/http-auth-php-cgi.html) the
HTTP_AUTHORIZ

Handle renamed authorization variables

Sometimes (when using rewriting with the workaround for CGI mode
described at
http://www.besthostratings.com/articles/http-auth-php-cgi.html) the
HTTP_AUTHORIZATION variable is renamed, this change detects this
renaming and uses the renamed variable.

show more ...

Added support for Wordpress' password hashing FS#2134

Merge branch 'master' of github.com:splitbrain/dokuwiki

If cookiedir is configured, use it.

If $conf['cookiedir'] is set, use this setting instead of DOKU_REL.

Fix handling of case in auth_isMember; add and fix test cases

preg_quote namespaces in auth_aclcheck

Like ids namespaces are now preg_quoted in the acl check (and therefore
the escaping of "*" has been removed). When plugins call the ACL check
function with st

preg_quote namespaces in auth_aclcheck

Like ids namespaces are now preg_quoted in the acl check (and therefore
the escaping of "*" has been removed). When plugins call the ACL check
function with strange ids the regex fails otherwise (in the case of the
include plugin errors like "Warning: preg_grep() [function.preg-grep]:
Compilation failed: missing terminating ] for character class at offset
47" have been reported by two users).

I've run the acl tests after this change and everything passes so this
shouldn't break anything but please test this especially with protected
wikis as this change modifies the code that handles namespace
permissions. Furthermore permissions for a namespace foobar are no
longer applied to namespaces with names like foo.ar, I hope nobody has
used that "feature".

When you are using per-user namespaces, user registration is open and
either write or read protection for these namespaces is important to
you this is a security fix for you: When someone wants to get access to
the namespace of a user "foo.bar" he can register as "fooxbar" (where
"x" is an arbitrary character) and will have access to the user
namespace of the user "foo.bar" as when a page in "foo.bar" is checked
it will match the rule for "fooxbar".

show more ...

added auth_isMember()

This function abstracts checking a given user and her groups against a
given member list (as used in the superuser and manager options).

It is also used in auth_isManager() an

added auth_isMember()

This function abstracts checking a given user and her groups against a
given member list (as used in the superuser and manager options).

It is also used in auth_isManager() and auth_isAdmin(), unlike the
previous function, this one skips the nameencode step as it should be
unnessary here (all input is given decoded).

The test cases where extended by some non-ID user and group names.

People with non-plain auth backends should check that their
administrator and manager setups still work as expected

show more ...

tmp

Remove enc=utf-8 in VIM modeline as it is not allowed in VIM 7.3

As of VIM 7.3 it is no longer possible to specify the encoding in the
modeline. This gives an error message whenever such a file is o

Remove enc=utf-8 in VIM modeline as it is not allowed in VIM 7.3

As of VIM 7.3 it is no longer possible to specify the encoding in the
modeline. This gives an error message whenever such a file is opened,
thus this commit removes the enc setting from the modeline.

show more ...

a more correct fix for FS#2039

properly encode user wildcard in ACLs FS#2039

Do not allow empty strings as superuser or manager FS#2009

Use config_cascade for ACLs and plain auth users FS#1677

fixed wildcard handling in ACL manager FS#1955

This patch also removes legacy support for @USER@. Only %USER% is valid
now.