coding style: control flow line breaks

coding style: control flow whitespaces

recover comments in list

coding style: function call spacing

codestyle adjustments: function declaration braces/spaces

codestyle adjustments: function argument spacing

Apply rector fixes to the rest of inc

add setting to define the samesite cookie policy

As mentioned in
https://github.com/dokuwiki/dokuwiki/pull/3994#pullrequestreview-1473052428
there might be occasions when users might want to change

add setting to define the samesite cookie policy

As mentioned in
https://github.com/dokuwiki/dokuwiki/pull/3994#pullrequestreview-1473052428
there might be occasions when users might want to change the policy to a
stricter one or the somewhat more lenient Lax implementation of current
browsers.

show more ...

use samesite=Lax cookie attribute #2849

Since this has been the default in Chrome for a while, no sideeffects
are to be expected.

Check Basic Auth scheme in Authorization header

Prior to this, auth_setup() would simply assume that the Authorization
header was using the Basic auth scheme, but there are other available
ones, whi

Check Basic Auth scheme in Authorization header

Prior to this, auth_setup() would simply assume that the Authorization
header was using the Basic auth scheme, but there are other available
ones, which could result in incorrect processing of the header's data.

We now specifically check that we have the `Basic` scheme, and only then
perform the base64_decode to get the username and password.

show more ...

Merge pull request #3754 from splitbrain/sexplode

introduce sexplode() as a PHP8 safe explode()

Update core code to make use of sexplode()

This makes use of our own explode mechanism everywhere were we expect a
fixed number of results.

use $INPUT to access authentication environment #3750

This should fix warnings about missing data.

Remove Accept-Encoding from auth_browseruid()

Browsers do not send the same Accept-Encoding header for all requests, so using
it as part of auth_browseruid() can break things. For example, the audi

Remove Accept-Encoding from auth_browseruid()

Browsers do not send the same Accept-Encoding header for all requests, so using
it as part of auth_browseruid() can break things. For example, the audio
CAPTCHA in the official CAPTCHA plugin stopped matching its corresponding
image. Details here:

https://github.com/splitbrain/dokuwiki-plugin-captcha/issues/115#issuecomment-1215007408

show more ...

replace deprecated method calls

guard against unset parameters

Many string function will throw a deprecation warning in PHP 8.1 when
null is passed. This adds a few guards in some of our methods (not all,
yet)

Merge branch 'pr/3268'

Updated to reflect the discussions in #3268 - removed all IE support

* pr/3268:
Remove HTTP_ACCEPT from auth_browseruid()
Improve auth_browseruid()

fix handling of loading auth backend

When a non existing auth backend was configured, the action router ran
into an infinie loop exception. The reason was that the denied action
required a configure

fix handling of loading auth backend

When a non existing auth backend was configured, the action router ran
into an infinie loop exception. The reason was that the denied action
required a configured auth system, but denying access should always
work.

Interestingly the problem did not occur when the auth backend signalled
a failure to load. This was because the auth backend was not properly
deinitialized. This is now done.

To aid debugging similar problems, fatal errors are now logged through
the logging mechanism in the action router

show more ...

auth_ismanager: fix group check on PHP8

casting and array access specifity seem to differ on PHP8, breaking the
fix in 1525c2281e6bc28f12ce8a59976e68e5a0e788fa

Simplify code for checking user groups

Merge branch 'master' into auth-ismanager-check

Fix undefined array key warning in auth.php

Got the following warnings on PHP 8.

- Undefined array key "DW<cookie_hash>" in .../inc/auth.php on line 248
- Trying to access array offset on value of

Fix undefined array key warning in auth.php

Got the following warnings on PHP 8.

- Undefined array key "DW<cookie_hash>" in .../inc/auth.php on line 248
- Trying to access array offset on value of type null in .../inc/auth.php on line 248

show more ...

Fix groups match in auth_ismanager and auth_isadmin

Even if a user was passed to the check but no groups, current user's groups were used for the match

replace deprecated function calls #3266

Remove HTTP_ACCEPT from auth_browseruid()

The Accept header changes based on requested resource type,
so it is not suited for auth_browseruid().