Have aclcheck use auth_isadmin

darcs-hash:20080212213222-19e2d-d8a2261fa83d6482afe213ffb41611ae723811de.gz

fix problems if $USERINFO['grps'] is not set

darcs-hash:20071102181850-7ad00-9c2c9b0ef953274b8abdadd95c53e8f4e1982810.gz

don't use realpath() anymore (FS#1261 and others)

The use of realpath() to clean up relative file names caused some
trouble in certain setups relying on symlinks or having restricitve
file structure

don't use realpath() anymore (FS#1261 and others)

The use of realpath() to clean up relative file names caused some
trouble in certain setups relying on symlinks or having restricitve
file structure setups.

This patch replaces all realpath() calls with a PHP only replacement
which should solve those problems.

darcs-hash:20070930184250-7ad00-512ff04c95f57fc9eaf104f80372237a3c94286f.gz

show more ...

Part 2 of the SecurityToken patch to avaoid CSRF attacks

This patch adds a security token to all forms generated through the new
form class. However it is only checked for possible dangerous actions

Part 2 of the SecurityToken patch to avaoid CSRF attacks

This patch adds a security token to all forms generated through the new
form class. However it is only checked for possible dangerous actions like
editing or profile changes.

darcs-hash:20070830191429-7ad00-445efea47a09a4823dfe9e3434ba5b355a80daf6.gz

show more ...

quote fix in auth_nameencode

darcs-hash:20070819211829-7ad00-7f2dbd3d7ad6b4568b8f34209fbcffda6e110f4c.gz

Protect auth_ismanager() from auth modules that don't always provide group data in array (FS#1196)

darcs-hash:20070805203312-d26fc-cab8dbfff8a2d5f7299fa4462771bafc00135728.gz

fix for recent auth change

darcs-hash:20070625210929-7ad00-034c5839bbca3e697d360f72dffcf9d927fea755.gz

degrade to unauthed user when auth backen unavailable FS#1168

Instead of disabling the whole ACL feature when the auth backend is unavailable
just degrade the user to an anonymous user.

darcs-hash:

degrade to unauthed user when auth backen unavailable FS#1168

Instead of disabling the whole ACL feature when the auth backend is unavailable
just degrade the user to an anonymous user.

darcs-hash:20070625205228-7ad00-19cfa3c302b4ee63f0a6562823c5d550f9c9755c.gz

show more ...

never use full URL in cookie paths FS#1146

Introduces a DOKU_REL constant always pointing to the DokuWiki directory regardless
of the used canonical setting.

darcs-hash:20070603191451-7ad00-a5227a3

never use full URL in cookie paths FS#1146

Introduces a DOKU_REL constant always pointing to the DokuWiki directory regardless
of the used canonical setting.

darcs-hash:20070603191451-7ad00-a5227a3632b3337f5da90551d3166d9b5db56638.gz

show more ...

Partial Fix FS#1085

This fix adds a new configuration setting, 'auth_security_timeout', which controls the duration (seconds) before authentication
information is rechecked. The default value is se

Partial Fix FS#1085

This fix adds a new configuration setting, 'auth_security_timeout', which controls the duration (seconds) before authentication
information is rechecked. The default value is set to 900 seconds (15 minutes). Wiki installations particularly concerned
about security should set this value to 0.

DokuWiki maintains a copy of the most recent authentication details in both a browser cookie and server session. Normally these
values are compared on each page visit. If the comparison passes the user is accepted. The same data will be used over and
over until either the cookie or the session expires. FS#1085 is concerned with updates to the original authentication data not
being able to affect this comparison. The new 'auth_security_timeout' setting will force expiration of the saved data after the
specified period has elapsed.

Re-authentication may affect page response, especially on systems which use remote authentication systems.

This fix is considered partial and should be reviewed after the next release with a view to extending the authentication class
to allow those mechanisms which are able to control when DW should revoke authentication.

darcs-hash:20070528194747-d26fc-f471004da604eb66f7131c470e446b98c29d801b.gz

show more ...

Fix broken if in previous patch

darcs-hash:20070302100506-19e2d-342a0477340aa6b2c5fb7e08c520053b7dc33608.gz

Allow @USER@ variable in ACLs

This saves a lot of ACL lines for users namespaces for example:

users:* @ALL 1
users:@USER@ @USER@ 8

darcs-hash:20070301230309-19e2

Allow @USER@ variable in ACLs

This saves a lot of ACL lines for users namespaces for example:

users:* @ALL 1
users:@USER@ @USER@ 8

darcs-hash:20070301230309-19e2d-90a00b70a2af546fd5194ade614c130e9f7864eb.gz

show more ...

make sure cachekey is a string in auth_nameencode FS#1000

darcs-hash:20070106122851-7ad00-9b3b2923e2f917107b29c4dacfc1047b2845a5db.gz

Check cookie auth data silently

darcs-hash:20070109213155-7ad00-9594bbf5c0730221b46f31bb40f31997a09ab4b4.gz

manager user/group

This patch adds support for a manager option as suggested in
http://www.freelists.org/archives/dokuwiki/11-2006/msg00314.html

darcs-hash:20061203134104-7ad00-72ff6422bbb4f79be325

manager user/group

This patch adds support for a manager option as suggested in
http://www.freelists.org/archives/dokuwiki/11-2006/msg00314.html

darcs-hash:20061203134104-7ad00-72ff6422bbb4f79be325c7e77255e1eee32d0f6b.gz

show more ...

HTML_EDITFORM_INJECTION event added

A simple event to inject additional HTML into the editform. This probably
needs to be improved.

darcs-hash:20061114220825-7ad00-ce868b8d8a25f5120c49dc018b8fd1024

HTML_EDITFORM_INJECTION event added

A simple event to inject additional HTML into the editform. This probably
needs to be improved.

darcs-hash:20061114220825-7ad00-ce868b8d8a25f5120c49dc018b8fd1024aff6e12.gz

show more ...

add standard username cleaning to resend password (fixes bug#961)

darcs-hash:20061104174349-9b6ab-74e7c5a3e7a14d12253d36a9d09a35866125a7ec.gz

don't allow commas in full name registration FS#960

darcs-hash:20061103160700-7ad00-01c7039c591ebdffcbe283984b23b2bb4ed4bc74.gz

use DOKU_URL as key for sessions and auth cookie #896 #581 #884

This patch changes the DOKU_COOKIE define to be based on the DOKU_URL define.
DOKU_COOKIE is now used as session key as well, making s

use DOKU_URL as key for sessions and auth cookie #896 #581 #884

This patch changes the DOKU_COOKIE define to be based on the DOKU_URL define.
DOKU_COOKIE is now used as session key as well, making sessions no longer
dependend on the title option. This should fix problems with multiple
wikis on the same host (using the same title) and wikis accessed through
different URLs.

darcs-hash:20061003121546-7ad00-aea4c256b7752815ed422ce74a659152a601d267.gz

show more ...

minor bugfix and boring error removal

darcs-hash:20060923203609-9b6ab-ecca679faa254a29772868508050fcf3206b0814.gz

add authname memory cache

actions which concern multiple pages (e.g. search, backlinks, recents)
end up repeatedly encoding the current user's name and groups. This
change caches the results of the

add authname memory cache

actions which concern multiple pages (e.g. search, backlinks, recents)
end up repeatedly encoding the current user's name and groups. This
change caches the results of the encoding allowing them to be reused.

darcs-hash:20060923161206-9b6ab-a3ec8f1c2ec284d84b9ff85cba1e56165b2967a7.gz

show more ...

move AUTH defines higher up

This moves the defines for the different AUTH levels higher up in inc/auth.php
to set them before including any auth modules. This fixes a problem with the
phpBB auth mod

move AUTH defines higher up

This moves the defines for the different AUTH levels higher up in inc/auth.php
to set them before including any auth modules. This fixes a problem with the
phpBB auth module posted at
http://wiki.splitbrain.org/wiki:tips:integrate_with_phpbb#another_phpbb.class.php

darcs-hash:20060906184814-7ad00-679bd636730e21dca45b9baaf721fb3b34a8695a.gz

show more ...

bug #876, additional data for new user notification email

This patch updates only the english version of the localised
"registermail.txt" file. Other versions need to be updated also.

darcs-hash:2

bug #876, additional data for new user notification email

This patch updates only the english version of the localised
"registermail.txt" file. Other versions need to be updated also.

darcs-hash:20060822072444-9b6ab-ff6cb5bc78277c383e82c3986eeb16168e86c27b.gz

show more ...

more unit test fixes

- move parser.test.php

darcs-hash:20060809192115-9b6ab-973fea51fbfdcf5f44a2ac66000f2ccb5fdd43b4.gz

fixed auth problem introduced in last unittest fix

darcs-hash:20060805163147-7ad00-77e7d9cd88f012cd2ecc6275a574abde30f4a9be.gz